A remote unauthenticated attacker can create a specially crafted malicious web page containing a CSRF exploit, trick a logged-in administrator into visiting the page, spoof the HTTP request as if it were coming from the legitimate user, and change the login, email address and password of the current website administrator. A simple CSRF exploit below will change the login, email and password to "admin", "[email protected]" and "123456" respectively.
A simple exploit below will replace the full path to the sendmail program with the following "cp config.txt" system command, which will copy the "config.php" file into "config.txt", making its content publicly accessible. The command will be executed the next time any email is sent by the vulnerable web application.