# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ======================================================== # # # Matrimony 2.7 ( Admin account takeover ) Cross site request forgery # # Description : change password functionality in the admin panel does not check for current password and no CSRF token in place which allow # an Attackers to be able to completely compromise the admin account by changing the password for the [ Admin ] account which is the default name # # exploitation code : -
# Steps to produce : - # 1) host the above code in the cloud # 2) trick the admin to visit the page # 3) password will be changed to 12345 # 4) attacker can navigate to the admin panel http://localhost/script/admin/login.php # 5) attacker should be able to login with new credentials as ( Admin ) since its the default account # # # # Risk : attackers are able to gain full access to the administrator panel after chaning the password for the admin # and thus have total control over the web application, including content change,and change user's account download backup of the site access to user's data.. # # # Remedy : developer should implement a check for current password and use CSRF token for each request # # # # ======================================================== # [+] Disclaimer # # Permission is hereby granted for the redistribution of this advisory, # provided that it is not altered except by reformatting it, and that due # credit is given. Permission is explicitly given for insertion in # vulnerability databases and similar, provided that due credit is given to # the author. The author is not responsible for any misuse of the information contained # herein and prohibits any malicious use of all security related information # or exploits by the author or elsewhere. # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Iranian Exploit DataBase = http://IeDb.Ir [2017-09-01]