Travel Portal II (6.0) - CSRF Vuln.

Turk Devilz

New Member
Joined
2 May 2014
Messages
131
Reaction score
0
Points
0
Peace be upon you.

Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit


zeroday as of 12 September 2014

Vulnerability report in;
travel_portal_II_csrf.txt

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact(onlymail) : knockout@e-mail.com.tr
[~] HomePage : http://cyber-warrior.org - http://h4x0resec.blogspot.com
############################################################
Turkey Security Group
’h4x0re SECURITY’
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Travel Portal II (6.0)
|~Affected Version : II 6.0 and predecessors.. / all version
|~Official Software Web: http://www.tourismscripts.com/scrip...flights-villas-flats-custom-potal-script.html
|~PRICE : 349 Euro
|~RISK : High
|~Google Keyword/Dorks : N/A
|~Tested On : Kali Linux \\ Mozilla Firefox
####################INFO################################

admin password can be changed easily..

####################Usage Exploit########################
Exploitation
Edit exploit.html for the target website..
Open exploit.html in your browser..
Determine your new password.
GO TO ADMIN PANEL..
####################Example affected sites & Tested on#####

http://travelportal.tourismscripts.com/ ( Official Demo )
http://almarjanmakkah.com
http://www.istanbulairportal.com

#################################################################

go to Exploit/SOURCE : http://h4x0resec.blogspot.com.tr/2014/09/travel-portal-ii-60-csrf-admin-password.html
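
On the defensive side, a password-change handler resists this class of cross-site request when it checks the request origin, a per-session token and the current password before acting. The Python below is an added example, not code from the advisory or from Travel Portal II; the origin value, the session dict, the form field names and the `verify_current` callback are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ALLOWED_ORIGIN = "https://portal.example"  # constructed placeholder origin

def issue_csrf_token(session):
    """Store a fresh random token in the session; embed it in the admin form."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def same_origin(headers):
    """Accept only requests whose Origin (or Referer) is the site itself."""
    parts = urlsplit(headers.get("Origin") or headers.get("Referer") or "")
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN

def change_admin_password(session, headers, form, verify_current):
    """Return (status, reason). The password is replaced only on status 200."""
    if not session.get("is_admin"):
        return 401, "not logged in"
    if not same_origin(headers):
        return 403, "cross-origin request"
    expected = session.get("csrf_token", "").encode()
    supplied = form.get("csrf_token", "").encode()
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "missing or wrong CSRF token"
    if not verify_current(form.get("current_password", "")):
        return 403, "current password not confirmed"
    if len(form.get("new_password", "")) < 12:
        return 400, "new password too short"
    session["password_updated"] = True  # stand-in for the real credential update
    issue_csrf_token(session)  # rotate the token after a sensitive change
    return 200, "password changed"

if __name__ == "__main__":
    admin = {"is_admin": True}  # constructed logged-in admin session
    token = issue_csrf_token(admin)
    check = lambda pw: pw == "old-admin-pass"  # hypothetical password verifier
    forged = {"new_password": "attacker-chosen-pw"}  # constructed cross-site form post
    print(change_admin_password(admin, {"Origin": "https://other.example"}, forged, check))
    real = {"csrf_token": token, "current_password": "old-admin-pass",
            "new_password": "a-long-new-passphrase"}
    print(change_admin_password(admin, {"Origin": ALLOWED_ORIGIN}, real, check))
```
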
 

mustafa1414

Spys-Z
Joined
5 Oct 2014
Messages
286
Reaction score
1
Points
0
And peace be upon you, thanks
 

Copyright® Ajanlar.org 2012