# Exploit Title: Cross-Site Request Forgery (Add Admin) # Google Dork: Powered by onArcade v2.4.2 # Date: 2018/August/4 # Author: r3m0t3nu11[Zero-way] # Software Link: ["http://www.onarcade.com"] # Version: ["Uptodate"] the appilication is vulnerable to CSRF attack (No CSRF token in place) meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering). [P0C]#