CVE-2012-0990
DClassifieds 0.1 final - Cross-Site Request Forgery via Admin Settings Update
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-0990. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in DClassifieds 0.1 final, allowing an attacker to submit a crafted form to change the admin contact email without user interaction. The form is auto-submitted via JavaScript, making it a silent attack.
Description
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.