E-Biz CMS 2.0 Cross Site Request Forgery – Torchsec
====================================================================================================================================
| # Title : E-Biz CMS v2.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |
| # Vendor : https://softech.pk/ |
| # Dork : Copyright © 2019, Designed By SOFTECH |
====================================================================================================================================
| # Title : E-Biz CMS v2.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |
| # Vendor : https://softech.pk/ |
| # Dork : Copyright © 2019, Designed By SOFTECH |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] The following html code create a new admin .
[+] Go to the line 17.
[+] Set the target site link Save changes and apply .
[+] infected file : /add_user.php.
[+] http://127.0.0.1/q7.3/softpanel/add_user.php.
[+] save code as poc.html .
Add User
| Home Banners | |
| Gallery | |
| Pages | |
| Newsletter | |
| Categories |
Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================
Gloss