Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)

#(+) Exploit Title: Quick CMS v3.0 Cross Site Request Forgery (Add Admin User) #(+) Author : ^Xecuti0n3r #(+) E-mail : xecuti0n3r()yahoo.com #(+) Category : Web Apps [XSRF] #(+) Dork : intext:"Quick.Cms v3.0" inurl:admin.php #(+) Demo CMS Link: http://opensolution.org/Quick.Cms 1 ######################################### 1 0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 #All you have to do is save the below code as exploit.html #Then Host a website with the exploit.html file. A person with admin permissions if visits the site, # will automatically add the attacker as Admin without warning ;) ____________________________________________________________________ ____________________________________________________________________ Code: Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)

Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)

EDIT USER: #All you have to do is save the below code as exploit.html #Then Host a website with the exploit.html file. A person with admin permissions if visits the site, # will automatically add the attacker as Admin without warning ;) ____________________________________________________________________ ____________________________________________________________________ Code: Quick CMS v3.0 Cross Site Request Forgery (Edit Existing Admin details)

Quick CMS v3.0 Cross Site Request Forgery (Edit Existing Admin details)

######################################################################## (+)Exploit Coded by: ^Xecuti0N3r (+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r (+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :) (+)<3 to :Indian Cyber Army & Indishell Crew ########################################################################