This is a functional CSRF exploit targeting PHP Nuke 8.2.4, demonstrating how an attacker can trick an authenticated admin into submitting a malicious form to add a group. The exploit uses a hidden HTML form with JavaScript auto-submission to perform the action without user interaction.
Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:PHP Nuke 8.2.4
Auth required
Prerequisites:Victim must be authenticated as an admin · Victim must visit the malicious page