IPN Development Handler v2.0 CSRF (Change Admin Account)

vendor:

IPN Development Handler

by:

AtT4CKxT3rR0r1ST

5.5

CVSS

MEDIUM

CSRF

352

CWE

Product Name: IPN Development Handler

Affected Version From: IPN Development Handler v2.0

Affected Version To: IPN Development Handler v2.0

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

IPN Development Handler v2.0 CSRF (Change Admin Account)

This exploit allows an attacker to change the admin account credentials by submitting a form with hidden input fields containing the new username and password values. The form action URL is http://localhost/siteadmin/EditInfo.php.

Mitigation:

To mitigate this vulnerability, ensure that proper input validation and authentication mechanisms are in place to prevent unauthorized access or modification of admin account credentials.

Source

IPN Development Handler v2.0 CSRF (Change Admin Account)

Mitigation:

Exploit-DB raw data: