dalbum 144 build 174 and earlier CSRF Vulnerabilities
===================================================================================
# Exploit Title: dalbum 144_174 and earlier CSRF Vulnerabilities
# Vendor: http://www.dalbum.org/
# Download link: http://www.dalbum.org/index.php?go=Downloads
# Author: Ahmed Elhady Mohamed
# Email: ahmed.elhady.mohamed@gmail.com
# Version: 144 build 174
# Category: webapps
# Tested on: Ubuntu 11.4
# This vulnerability allows a malicious hacker to add a user, delete a user, and change a user's password
===================================================================================
CSRF Vulnerabilities:
POC 1: Add a user
POC 2: Change user's password
POC 3: Delete a user