.__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/ UNASJEE CMS -> Admin Panel CSRF Vulnerability PoC Exploits ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Discovered by: KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com ############################################################ Greetz: KedAns-Dz & DaiMon & _UnDeRTaKeR_ & BARCOD3 & Septemb0x & ZoRLu http://milw00rm.com / http://fiXen.org ############################################################ ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : UNASJEE CMS |~Affected Version : All Version |~Vendor : http://www.unasjee.net/ |~DORK : intext:Designed & Developed by: UNASJEE |~RISK : High |~Date: 22.03.2015 |~Tested On : [L] Kali Linux ####################INFO################################ admin panel without login It is possible to post data the server will accept absolute. ######################################################## Demo and Tested on; http://turnnersports.com http://www.badhawaind.com http://www.cliftonintl.com http://www.aqnaf.com http://shanisports.com http://tayyabgarments.com http://www.shreentrader.com http://www.moosaleathers.com ---------------------------------------------------------- ---------------------------------------------------------- Change Profile Detai PoC ---------------------------------------------------------- ---------------------------------------------------------- Add News PoC ----------------------------------------------------------

Title: * Date: * (YYYY-MM-DD) News: *

---------------------------------------------------------- Add Products PoC ----------------------------------------------------------

Name:

Show:

Yes

Category Image:

70 x 62 px

---------------------------------------------------------- Change Contact Details PoC ----------------------------------------------------------

Change your Contact Detail:

First Contact Person:
Contact Person:
Designation:
Mobile:
Second Contact Person:
Contact Person:
Designation:
Mobile:
Third Contact Person:
Contact Person:
Designation:
Mobile:

Phone I:
Phone II:
Phone III:

Fax I:

E - Mail I:
E - Mail II:
E - Mail II:

Web Site:

Skype:
Yahoo:
gTalk:
MSN:

Asia Head Office Address:	HACKER
Hong Kong Office Address:
Australian Office Address: