Published on August 5th, 2023
COURIER DEPRIXA 2.5 Cross Site Request Forgery
====================================================================================================================================
| # Title : COURIER DEPRIXA V2.5 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit) |
| # Vendor : https://www.themeslide.com/courier-deprixa-logistics-worldwide-v2-5/ |
| # Dork : |
====================================================================================================================================
poc :
[+] Dorking in Google or other search engine.
[+] The following HTML code creates a new admin.
[+] Go to line 5.
[+] Set the target site link, save changes and apply.
[+] infected file : /deprixa/settings/addusersadmin/agregar.php
[+] Save the code as poc.html
[+]
New Administrator
Gloss
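
For defenders, one way to look for this request in web server logs (an added example, not part of the original advisory): it flags POSTs to the file named above whose Referer is missing or points to another host. The combined log format, the `site_host` parameter and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Path taken from the advisory; everything else in this block is an assumption.
TARGET_PATH = "/deprixa/settings/addusersadmin/agregar.php"

# Apache/nginx "combined" access log format.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_cross_site_admin_posts(lines, site_host):
    """Return POSTs to TARGET_PATH whose Referer is absent or off-site."""
    findings = []
    for line in lines:
        m = COMBINED.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or not a state-changing request
        if urlsplit(m["uri"]).path != TARGET_PATH:
            continue  # query strings are ignored when comparing the path
        referer = m["referer"]
        ref_host = "" if referer in ("", "-") else (urlsplit(referer).hostname or "")
        if ref_host == site_host.lower():
            continue  # submitted from the application's own admin page
        # A page opened from local disk sends no Referer, so "missing" matters too.
        reason = "off-site referer" if ref_host else "missing referer"
        findings.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                         "referer": referer, "reason": reason})
    return findings

# Constructed sample log lines (hypothetical hosts, not from a real server).
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Aug/2023:10:00:01 +0000] "POST /deprixa/settings/addusersadmin/agregar.php HTTP/1.1" 200 512 "https://courier.example.test/deprixa/settings/addusersadmin/" "Mozilla/5.0"',
    '203.0.113.10 - - [05/Aug/2023:10:07:42 +0000] "POST /deprixa/settings/addusersadmin/agregar.php HTTP/1.1" 302 0 "https://other.example.net/poc.html" "Mozilla/5.0"',
    '203.0.113.10 - - [05/Aug/2023:10:09:15 +0000] "POST /deprixa/settings/addusersadmin/agregar.php?x=1 HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Aug/2023:10:11:03 +0000] "GET /deprixa/settings/addusersadmin/agregar.php HTTP/1.1" 200 900 "https://other.example.net/" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Aug/2023:10:12:30 +0000] "POST /deprixa/login.php HTTP/1.1" 200 300 "https://other.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_cross_site_admin_posts(SAMPLE_LOG, "courier.example.test"):
        print(hit["time"], hit["ip"], hit["reason"], hit["referer"])
```

Each hit should be checked against the application's list of administrator accounts for the same time window; the fix on the server side is to require a per-session anti-CSRF token on this form.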