CVE-2009-4349

Link Up Gold 5.0 - Cross-Site Request Forgery in Administrative Account Creation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4349. PoCs published by bi0.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Link Up Gold, allowing an attacker to create an administrator account by tricking an authenticated user into submitting a malicious form. The PoC includes a pre-filled HTML form that grants full administrative privileges to a new user.

Description

Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bi0 · textwebappsphp

https://www.exploit-db.com/exploits/10436

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Link Up Gold, allowing an attacker to create an administrator account by tricking an authenticated user into submitting a malicious form. The PoC includes a pre-filled HTML form that grants full administrative privileges to a new user.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Link Up Gold

Auth required

Prerequisites: Victim must be authenticated as an administrator · Victim must visit the malicious HTML page

MITRE ATT&CK