http://osvdb.org/show/osvdb/64693 http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html : Abyss Web Server X1 XSRF A cross-site request forgery vunlerability in the Abyss Web Server X1 management console can be exploited to change both the username and password of the logged in user. PoC: view plain print ? 1. 2. 3.
4. 6. 8. 10. 12.
13. 14.