
CVE-2009-4092 PoC: Simplog "user.php" Cross-Site Request Forgery Vulnerability

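Related vulnerability
Title: Simplog "user.php" Cross-Site Request Forgery Vulnerability (CVE-2009-4092)
Description: user.php in Simplog 0.9.3.2 and possibly earlier versions has a cross-site request forgery vulnerability. Remote attackers can hijack the authentication of administrators and users in order to send requests that change the password.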
Description
Setup, exploit and patch for CVE-2009-4092 Simplog CSRF
Introduction
# Simplog-Exploit

This repository contains the setup, exploit and patch for CVE-2009-4092 Simplog CSRF Vulnerability.

The vulnerability exists in the user.php file of Simplog 0.9.3.2, a web application that gives people an easy way to create and maintain a blog on their personal websites. Attackers can use cross-site request forgery (CSRF) to hijack the user authentication process by sending a malicious request to change the password.

# Setup
Our setup includes an Apache webserver (on localhost) capable of handling PHP pages, and a MySQL database hosted on the same server.

# Exploit

# Patch

# Disclaimer
Simplog 0.9.3.2 was created by Jeremy Ashcraft (ashcraft@13monkeys.com). It is free software, released under GNU GPL Licence version 2.0.