# Title : Who's Who Script CSRF Exploit (Add Admin Account)
# Author : ZoRLu / zorlu@milw00rm.com / submit@milw00rm.com
# Home : http://milw00rm.com / its online
# Date : 30.10.2014
# Demo : http://demo.phpscriptlerim.com/free/whoswho/
# Download1 : http://www.phpscriptlerim.com/download/indir.php?id=14
# Download2 : https://yadi.sk/d/C8eQcvUeJjeZ2
# Thks : exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net and others
# Note : I wrote the exploit for adminsave.php, but other files in the /yonetim/plugins folder have the vuln too. You can write exploits for the other files.
# Vulnerable : ayarsave.php, uyesave.php, slaytadd.php, slaytsave.php
# Not Vuln : uyedel.php and slaytdel.php are not vulnerable to CSRF, because session control is available in these files.

Who's Who Script CSRF Exploit (Add Admin Account)

Admin Panel
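
The header above distinguishes the save handlers from uyedel.php and slaytdel.php by whether session control is present. The following is an added example, not code from this advisory or from the Who's Who script: a guard that a state-changing admin handler can call before writing anything, combining the session check with a per-session anti-CSRF token. The function names, the `admin_id` and `csrf` session keys and the sample requests are all hypothetical.

```php
<?php
// Added example: guard for a state-changing admin handler.
// All names here are hypothetical, not taken from the Who's Who script.

// Issue one random token per session; the admin form embeds it in a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Returns an HTTP status code: 200 = proceed, anything else = reject the request.
function guard_admin_write(string $method, array $session, array $post): int {
    if ($method !== 'POST') {
        return 405;                 // state changes are accepted over POST only
    }
    if (empty($session['admin_id'])) {
        return 401;                 // session control: no logged-in admin, no write
    }
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || empty($session['csrf'])
        || !hash_equals($session['csrf'], $sent)) {
        return 403;                 // a form hosted on another site cannot know the token
    }
    return 200;
}

// Constructed sample requests (no real data), runnable from the PHP CLI.
$session = ['admin_id' => 1];
$token   = csrf_token($session);
$cases = [
    'no session'        => guard_admin_write('POST', [], ['username' => 'x']),
    'session, no token' => guard_admin_write('POST', $session, ['username' => 'x']),
    'session + token'   => guard_admin_write('POST', $session, ['csrf' => $token]),
    'GET with token'    => guard_admin_write('GET', $session, ['csrf' => $token]),
];
foreach ($cases as $name => $status) {
    printf("%-18s -> %d\n", $name, $status);
}

// In a real handler (after session_start()):
//   $status = guard_admin_write($_SERVER['REQUEST_METHOD'], $_SESSION, $_POST);
//   if ($status !== 200) { http_response_code($status); exit; }
```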