Vendor: Prediction Football
By: Smith Falcon
CVSS: 8.8 (HIGH)
Type: Cross-Site Request Forgery (CSRF)
CWE: 352
Product Name: Prediction Football
Affected Version From: 2.51
Affected Version To: 2.51
Patch Exists: NO
Related CWE: N/A
CPE: a:predictionfootball:prediction_football:2.51
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2011

[title]

The POST request to index.php?cmd=changepass is vulnerable to CSRF. An attacker can capture the header information with HTTP Live headers, replay the POST variable with a new password for the chosen userid, and log out. The attacker can then log in as that user with the new password.

Mitigation:

Implement CSRF protection mechanisms such as synchronizer tokens, origin checks, and same-site cookies.
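
One way to combine the three mechanisms named above in a PHP password-change handler. This is an added example, not Prediction Football's code; `APP_ORIGIN`, the `CSRF_TOKEN` form field and the `csrf_token` session key are assumed names.

```php
<?php
// Added example, not Prediction Football code. Hypothetical names: APP_ORIGIN,
// the CSRF_TOKEN form field, and the csrf_token session key.
const APP_ORIGIN = 'https://football.example'; // assumed origin of the site

function start_hardened_session(): void
{
    // SameSite=Strict: the browser withholds the session cookie on cross-site POSTs.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
    if (empty($_SESSION['csrf_token'])) {
        // Synchronizer token: per-session secret, echoed into the form as a hidden field.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
}

function origin_is_trusted(array $server): bool
{
    // Prefer Origin, fall back to Referer; a request carrying neither is rejected.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $p = parse_url($source);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return false;
    }
    $origin = strtolower($p['scheme'] . '://' . $p['host']) . (isset($p['port']) ? ':' . $p['port'] : '');
    return hash_equals(APP_ORIGIN, $origin);
}

function csrf_token_is_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['CSRF_TOKEN'] ?? '';
    // Constant-time comparison; array-valued or missing fields fail closed.
    return is_string($expected) && is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

function may_change_password(array $server, array $session, array $post): bool
{
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && origin_is_trusted($server)
        && csrf_token_is_valid($session, $post);
}

// Call site in the changepass handler:
//   start_hardened_session();
//   if (!may_change_password($_SERVER, $_SESSION, $_POST)) { http_response_code(403); exit; }
```

The page that renders the change-password form must emit `$_SESSION['csrf_token']` in a hidden `CSRF_TOKEN` field, escaped with `htmlspecialchars`.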

Exploit-DB raw data:

# Exploit Title: [title]
# Google Dork: [if relevant]  intext:"Prediction football 2.51"
# Date: 08/08/2011
# Author: Smith Falcon
# Software Link: http://www.predictionfootball.com/download/download.html
# Version: 2.51
# Tested on: Linux

First create a username and go to Account Profile

The POST variable in index.php?cmd=changepass is vulnerable to CSRF

Grab Header Information with HTTP Live headers and replay the POST VARIABLE

&OLDPWD=anything&USERID=[id of user u want pwd changed]&PWD1=[newpass]&PWD2=[newpass]&ChangePwd=Change+Password

REPLAY with new password of the userid and logout!
Now you can login with that desired user and password!