A friend of mine said he found a website he was SURE was exploitable, but couldn't put his finger on it. So, I signed up for the website. The website allows you one page on their site which you can fully customize (kind of like Xanga or MySpace). Now, in their edit area the form reads something like this:
Now for any web designers out there, you'd guess that that hidden input area is the most important part of the form, telling the site WHICH page to edit. Well, I made another user and did this:
<form action=edityea.php method=post>
Title<br>
<input type=text name="title" size=40><br><br>
Body<br>
<textarea cols=x rows=x name='body'> </textarea><br>
<input type=submit value="Submit Changes">
<input type=hidden name='user' value="[username in use by user editing their page]">
</form>
And thus changing the value of the input area. Then, I submitted the data and checked MY yea page (the yea page is your own customizable page).
Then I logged into the spare account and the page was edited... That's one helluva stupid web designer, agree?
By the way people, don't give the website's URL, I don't want anyone to break the rules.
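The server-side side of the flaw described in the post above, as an added example that is not part of the original post or the site's real code: a handler that trusts the hidden `user` field next to one that takes the page owner from the authenticated session. The function names, the `$pages` array standing in for storage, and the `username` session key are assumptions.

```php
<?php
// Added illustration; hypothetical logic for a handler such as edityea.php.
// $pages stands in for the site's storage. All names here are assumptions.

// Vulnerable pattern: the page to edit is chosen by the client-supplied
// hidden 'user' field. The session is never consulted.
function save_page_vulnerable(array &$pages, array $session, array $post): string
{
    $target = $post['user'] ?? '';
    $pages[$target] = ['title' => $post['title'] ?? '', 'body' => $post['body'] ?? ''];
    return $target;
}

// Hardened pattern: the owner comes only from the authenticated session.
// A 'user' field that disagrees with the session is rejected and logged.
function save_page_hardened(array &$pages, array $session, array $post): ?string
{
    $owner = $session['username'] ?? null;
    if ($owner === null) {
        return null; // not logged in
    }
    if (isset($post['user']) && $post['user'] !== $owner) {
        // json_encode keeps control characters out of the log line
        error_log('edit rejected: session=' . json_encode($owner)
            . ' form user=' . json_encode($post['user']));
        return null;
    }
    $pages[$owner] = ['title' => $post['title'] ?? '', 'body' => $post['body'] ?? ''];
    return $owner;
}

// Constructed sample data: bob is logged in, the form names alice.
$pages   = ['alice' => ['title' => 'A', 'body' => 'a'], 'bob' => ['title' => 'B', 'body' => 'b']];
$session = ['username' => 'bob'];
$post    = ['user' => 'alice', 'title' => 'changed', 'body' => 'changed'];

$v = $pages;
save_page_vulnerable($v, $session, $post);
echo "vulnerable: alice's title is now '{$v['alice']['title']}'\n";

$h = $pages;
$result = save_page_hardened($h, $session, $post);
echo 'hardened: ' . ($result === null ? 'request rejected' : "saved for $result")
    . ", alice's title is still '{$h['alice']['title']}'\n";
```

With the hardened handler the hidden field can be dropped from the form entirely, since the server never needs the client to say whose page is being edited.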